Configuring Security Group Rules
A security group is a collection of access control rules for ECS, , and GeminiDB Influx instances that have the same security protection requirements and are mutually trusted in a VPC.
To ensure database security and reliability, configure security group rules to allow specific IP addresses and ports to access the GeminiDB Influx instances.
This section describes how to configure security group rules for a GeminiDB Influx instance that is connected through a private or a public network.
Precautions
- By default, you can create up to 500 security group rules.
- Too many security group rules will increase the first packet latency, so a maximum of 50 rules for each security group is recommended.
- One security group can be associated with only one GeminiDB Influx instance.
- For details about security group rules, see Table 1.
Table 1 Parameter description
Scenario: Connecting to an instance over a private network
Description: Configure security group rules as follows:
- If the ECS and GeminiDB Influx instance are in the same security group, they can communicate with each other by default. No security group rule needs to be configured.
- If the ECS and GeminiDB Influx instance are in different security groups, configure security group rules for the ECS and instance, respectively.
  - Configure inbound rules for the security group associated with the GeminiDB Influx instance. For details, see Procedure.
  - The default security group rule of the ECS allows all outbound data packets, so you do not need to configure security rules for the ECS. If not all outbound traffic is allowed in the security group, configure an outbound rule for the ECS.
Scenario: Connecting to an instance over a public network
Description: If you connect to a GeminiDB Influx instance through a public network, configure inbound rules for the security group associated with the GeminiDB Influx instance. For details, see Procedure.
Procedure
- Log in to the GeminiDB console.
- In the service list, choose Databases > GeminiDB Influx API.
- On the Instances page, click the instance.
- Configure security group rules.
  In the Network Information area on the Basic Information page, click the name of the security group.
  Figure 1 Security group
- Add an inbound rule.
  - Click the Inbound Rules tab.
    Figure 2 Inbound rules
  - Click Add Rule. The Add Inbound Rule dialog box is displayed.
    Figure 3 Adding a rule
  - In the displayed dialog box, set required parameters.
    Table 2 Inbound rule settings
    Parameter: Protocol & Port
    Description:
    - The network protocol required for access. Available options: All, TCP, UDP, ICMP, or GRE
    - Port: The port (1 to 65535) for accessing the ECS.
    Example Value: TCP
    Parameter: Type
    Description: IP address type. This parameter is available after IPv6 is enabled.
    - IPv4
    - IPv6
    Example Value: IPv4
    Parameter: Source
    Description: The IP address, IP address group, or security group that the rule applies to, which allows access from IP addresses or instances in another security group. Example:
    - Single IP address: xxx.xxx.xxx.xxx/32 (IPv4)
    - Subnet: xxx.xxx.xxx.0/24
    - All IP addresses: 0.0.0.0/0
    - sg-abc (security group)
    Example Value: 0.0.0.0/0
    Parameter: Description
    Description: (Optional) Provides supplementary information about the security group rule. The description can contain up to 255 characters and cannot contain angle brackets (<>).
    Example Value: -
  - Click OK.
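The Table 2 constraints and the 50-rule recommendation from Precautions can be checked before a rule is entered in the console. The following is an added example, not Huawei Cloud code: the rule dictionary layout, the function names and the sample values are assumptions. It also reports a source that covers all IP addresses as a warning, because such a rule admits any host to the database port.

```python
import ipaddress

PROTOCOLS = {"All", "TCP", "UDP", "ICMP", "GRE"}  # options listed in Table 2
RECOMMENDED_MAX_RULES = 50                        # recommendation from Precautions

def check_rule(rule):
    """Return findings for one proposed inbound rule (hypothetical dict layout)."""
    findings = []
    if rule.get("protocol") not in PROTOCOLS:
        findings.append("error: protocol must be one of All, TCP, UDP, ICMP, GRE")
    port = rule.get("port")
    if port is not None and not (isinstance(port, int) and 1 <= port <= 65535):
        findings.append("error: port must be in 1-65535")
    source = rule.get("source", "")
    if not source.startswith("sg-"):  # not a security group reference: must be an IP/CIDR
        try:
            net = ipaddress.ip_network(source, strict=True)  # rejects host bits, e.g. .7/24
        except ValueError:
            findings.append("error: source is not a valid IP address or CIDR block")
        else:
            want = 4 if rule.get("type", "IPv4") == "IPv4" else 6
            if net.version != want:
                findings.append("error: source does not match the rule's IP address type")
            elif net.prefixlen == 0:
                findings.append("warning: source covers all IP addresses")
    desc = rule.get("description", "")
    if len(desc) > 255 or "<" in desc or ">" in desc:
        findings.append("error: description exceeds 255 characters or contains angle brackets")
    return findings

def check_group(rules):
    """Check every rule, plus the recommended per-group rule count."""
    report = {i: f for i, rule in enumerate(rules) if (f := check_rule(rule))}
    if len(rules) > RECOMMENDED_MAX_RULES:
        report["group"] = ["warning: more than 50 rules increases first packet latency"]
    return report

# Constructed sample rules: documentation-range addresses; port 8635 is a placeholder.
SAMPLE_RULES = [
    {"protocol": "TCP", "port": 8635, "type": "IPv4", "source": "192.0.2.10/32", "description": "app server"},
    {"protocol": "TCP", "port": 8635, "type": "IPv4", "source": "0.0.0.0/0", "description": "test"},
    {"protocol": "TCP", "port": 70000, "type": "IPv4", "source": "198.51.100.7/24", "description": "<tmp>"},
    {"protocol": "TCP", "port": 8635, "type": "IPv4", "source": "sg-abc", "description": ""},
]

if __name__ == "__main__":
    for key, findings in check_group(SAMPLE_RULES).items():
        print(key, findings)
```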