Updated on 2022-02-22 GMT+08:00

Setting a Security Group

Scenarios

This section explains how to add a security group rule to control access to and from the DDS DB instances in a security group.

Precautions

The default security group rule allows all outgoing data packets. ECSs and DDS DB instances in the same security group can access each other. After a security group is created, you can create different rules for that security group, which allows you to control access to the DB instances that are in it.

To access a DB instance in a security group from a source outside of that group, you need to create an inbound rule.

For details about the constraints on using security groups, see "Security Group Overview" in the Virtual Private Cloud User Guide.

Procedure

  1. On the Instance Management page, click the target cluster instance.
  2. In the navigation pane on the left, choose Connections.
  3. In the Security Group area, on the Inbound Rules tab, click Add Rule. In the displayed Add Inbound Rule dialog box, set required parameters to add inbound rules. On the Outbound Rules tab, click Add Rule. In the displayed Add Outbound Rule dialog box, set required parameters to add outbound rules.

    You can click to add more rules.

  4. Add a security group rule as prompted.

    Table 1 Parameter description

    Parameter: Protocol
    Description: The network protocol required for access. You can allow all protocols or specify one of TCP, UDP, ICMP, or SSH.
    Value Example: TCP

    Parameter: Port
    Description: Specifies the port that allows access to ECSs or external devices.
    Value Example: 8635

    Parameter: Source/Destination
    Description: Specifies the supported IP address and security group that the rule applies to.
    • IP address: The IP address or subnet that the rule applies to. Single IP addresses must be expressed using slash notation.
      • Single IP address: xxx.xxx.xxx.xxx/32 (IPv4)
      • Subnet: xxx.xxx.xxx.0/24
      • All IP addresses: 0.0.0.0/0
    • Security group: A security group that access will be allowed from. ECSs in this security group will be granted access to the DDS instances in the current security group.
    Value Example:
    • 192.168.10.0/24
    • default

  5. Click OK.
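
A pre-check for proposed inbound rules against the Table 1 formats, added here as an example; it is not part of the original documentation or of any Huawei Cloud tooling. The rule dictionaries, the function names, the "ALL" protocol token and the choice to treat any non-address source as a security group name are assumptions made for illustration.

```python
import ipaddress

ALLOWED_PROTOCOLS = {"ALL", "TCP", "UDP", "ICMP", "SSH"}  # "ALL" is an assumed token

def classify_source(source):
    """Classify a Source value using the forms listed in Table 1."""
    if "/" not in source:
        try:
            ipaddress.ip_address(source)
        except ValueError:
            return "security-group"  # assumption: not an address, so a group name
        raise ValueError(f"{source}: single IP addresses need slash notation (/32)")
    net = ipaddress.ip_network(source, strict=True)  # rejects host bits, e.g. 10.0.0.5/24
    if net.prefixlen == 0:
        return "all-addresses"
    if net.prefixlen == net.max_prefixlen:
        return "single-ip"
    return "subnet"

def review_inbound_rule(rule):
    """Return findings for one proposed inbound rule (empty list means none)."""
    findings = []
    if rule["protocol"].upper() not in ALLOWED_PROTOCOLS:
        findings.append(f"unknown protocol {rule['protocol']!r}")
    if not 1 <= int(rule["port"]) <= 65535:
        findings.append(f"port {rule['port']} out of range")
    try:
        kind = classify_source(rule["source"])
    except ValueError as exc:
        findings.append(str(exc))
    else:
        if kind == "all-addresses":
            findings.append(f"port {rule['port']} is reachable from any address ({rule['source']})")
    return findings

# Constructed sample rules, not taken from a real deployment.
SAMPLE_RULES = [
    {"protocol": "TCP", "port": 8635, "source": "192.168.10.0/24"},
    {"protocol": "TCP", "port": 8635, "source": "default"},
    {"protocol": "TCP", "port": 8635, "source": "0.0.0.0/0"},
    {"protocol": "TCP", "port": 8635, "source": "192.168.10.7"},
]

if __name__ == "__main__":
    for r in SAMPLE_RULES:
        print(r["source"], "->", review_inbound_rule(r) or "ok")
```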