Security Group Configurations

Intra-VPC Access to DCS Redis 3.0 and Memcached Instances

An ECS can communicate with a DCS instance if they belong to the same VPC and security group rules are configured correctly.

In addition, you must configure correct rules for the security groups of both the ECS and DCS instance so that you can access the instance through your client.

• If the ECS and DCS instance are configured with the same security group, network access in the group is not restricted by default.
• If the ECS and DCS instance are configured with different security groups, add security group rules to ensure that the ECS and DCS instance can access each other.
  

  • Suppose that the ECS on which the client runs belongs to security group sg-ECS, and the DCS instance that the client will access belongs to security group sg-DCS.
  • Suppose that the port number of the DCS service is 6379.
  • The remote end is a security group or an IP address.
  1. Configuring security group for the ECS.

     Add the following outbound rule to allow the ECS to access the DCS instance. Skip this rule if there are no restrictions on the outbound traffic.

  2. Configuring security group for the DCS instance.

     To ensure that your client can access the DCS instance, add the following inbound rule to the security group configured for the DCS instance:

     

     

     In the inbound rule of the security group configured for the DCS instance, set the remote end to an IP address in the same CIDR block as the subnet.

     To prevent ECSs bound with same security group as the DCS instance from being attacked by Redis vulnerabilities, exercise caution when using 0.0.0.0/0.