Help Center> Document Database Service> User Guide (Kuala Lumpur Region)> Getting Started with Replica Sets> Connecting to a Replica Set Instance Over Private Networks> Setting a Security Group
Updated on 2022-08-17 GMT+08:00
View PDF

Setting a Security Group

Scenarios

This section guides you on how to add a security group rule to control access from and to DDS DB instances in a security group. The following describes how to set security groups.

Precautions

The default security group rule allows all outgoing data packets. ECSs and DDS DB instances in the same security group can access each other. After a security group is created, you can create different rules for that security group, which allows you to control access to the DB instances that are in it.

To access a DB instance in a security group from a source outside of that group, you need to create an inbound rule.

For details about the constraints on the using security groups, see "Security Group Overview" in the Virtual Private Cloud User Guide.

Procedure

  1. On the Instance Management page, click the target replica set instance.
  2. In the navigation pane on the left, choose Connections.
  3. In the Security Group area, on the Inbound Rules tab, click Add Rule. In the displayed Add Inbound Rule dialog box, set required parameters to add inbound rules. On the Outbound Rules tab, click Add Rule. In the displayed Add Outbound Rule dialog box, set required parameters to add outbound rules.

    You can click to add more rules.

  4. Add a security group rule as prompted.

    Table 1 Parameter description

    Parameter

    Description

    Value Example

    Protocol

    The network protocol required for access. You can allow all protocols or specify a specific protocol, TCP, UDP, ICMP, and SSH.

    TCP

    Port

    Specifies the port that allows the access to ECSs or external devices.

    8635

    Source/Destination

    Specifies the supported IP address and security group that the rule applies to.

    • IP address: The IP address or subnet that the rule applies to. Single IP addresses must be expressed using slash notation.
      • Single IP address: xxx.xxx.xxx.xxx/32 (IPv4)
      • Subnet: xxx.xxx.xxx.0/24
      • All IP addresses: 0.0.0.0/0
    • Security group: A security group that access will be allowed from. ECSs in this security group will be granted access to DDS instance in the current security group.
    • 192.168.10.0/24
    • default

  5. Click OK.