forked from docs/doc-exports
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com> Co-authored-by: Wang , Deng Ke <wangdengke2@huawei.com> Co-committed-by: Wang , Deng Ke <wangdengke2@huawei.com>
<a name="opengauss_01_0023"></a>
<h1 class="topictitle1">Step 2: Configure Security Group Rules</h1>
<div id="body8662426"><div class="section" id="opengauss_01_0023__sc2720ac31ecc47409ab9b403b7f19031"><h4 class="sectiontitle">Scenarios</h4><p id="opengauss_01_0023__a3101eb28d9894694888f7f84072cbbf8">A <span class="keyword" id="opengauss_01_0023__keyword178064873110">security group</span> is a collection of access control rules for ECSs and <span id="opengauss_01_0023__text1851288693">GaussDB(openGauss)</span> DB instances that are within the same VPC, have the same security requirements, and are mutually trusted.</p>
<p id="opengauss_01_0023__ad318f13f96664de7b65117e49cb1dacb">To ensure database security and reliability, you need to configure security group rules to allow specific IP addresses and ports to access the <span id="opengauss_01_0023__text20436618">GaussDB(openGauss)</span> DB instances.</p>
<div class="p" id="opengauss_01_0023__a2efa0e7989af4d3e8ed3b3fa4b2b9941">When connecting to DB instances over a private network, you need to configure security group rules for the DB instance and for the ECSs that connect to it, separately.<ul id="opengauss_01_0023__u2fd7d80d71d74e2cb60968b06ae76095"><li id="opengauss_01_0023__l4da2659189c143df987f824187dbc451">DB instance: Configure an <strong id="opengauss_01_0023__aa87cf67fc5794f14b588ce0d7f9971a6">inbound</strong> <strong id="opengauss_01_0023__ae938e9a5512b4927bc6cae23287777bd">rule</strong> for the security group with which the DB instance is associated, so that the ECSs can reach the database port.</li><li id="opengauss_01_0023__l9eb6dd22ac6544e2be256d70a7f82bfd">ECS: The default security group rule allows all outbound data packets, so in that case you do not need to configure a rule for the ECS. If the security group of the ECS does not allow all outbound traffic, configure an <strong id="opengauss_01_0023__b1732814527513">outbound rule</strong> for the ECS that permits traffic to the IP address and port of the DB instance.</li></ul>
</div>
</div>
<div class="section" id="opengauss_01_0023__sd1ce3c5d3c094f2da8c80bad1322e783"><h4 class="sectiontitle">Precautions</h4><p id="opengauss_01_0023__ac91d6ce6ef2546bd8cccd17bc222ece8">The default security group rules allow all outbound data packets, and ECSs and <span id="opengauss_01_0023__text1792156862">GaussDB(openGauss)</span> DB instances associated with the same security group can access each other by default. You can add rules to the security group to control inbound and outbound traffic for your GaussDB(openGauss) DB instance. When you associate an instance with a security group, all the rules in that security group apply to the DB instance, so review the existing rules before associating a production database with a shared group.</p>
<ul id="opengauss_01_0023__u309b3623b2054dcdb9ebcf863743d11b"><li id="opengauss_01_0023__laac2aee50cb8406dbcdcaf9700fd0f9f">By default, you can add a maximum of 500 security group rules.</li><li id="opengauss_01_0023__l09f51c89a4cc454f892a398cdc1a12d4">To prevent high network latency for the first packet, you are advised to create a maximum of 50 rules for each security group.</li><li id="opengauss_01_0023__lc666a6440c1e4d81b7861463a6050bd4">To access a <span id="opengauss_01_0023__text1217625163">GaussDB(openGauss)</span> DB instance from resources outside the security group, you need to configure an <strong id="opengauss_01_0023__b12421232762">inbound rule</strong> for the security group associated with the DB instance.</li></ul>
<div class="note" id="opengauss_01_0023__n85f51cf545fb42978ef78b0a7f8cd71c"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="opengauss_01_0023__ada2528fb92854b69aa6c82c96d3e3f90">When you add a rule, the default value of <strong id="opengauss_01_0023__b469418261491">Source</strong> is <strong id="opengauss_01_0023__b1869522614918">0.0.0.0/0</strong>, which matches every IPv4 address. Any host that can reach the <span id="opengauss_01_0023__text1965516102">GaussDB(openGauss)</span> DB instance on the allowed port is then admitted, not only hosts associated with the same security group as the DB instance. Before you confirm the rule, narrow <strong>Source</strong> to the security group or the IP addresses of the ECSs that need to connect, and limit the rule to the database port.</p>
</div></div>
</div>
<div class="section" id="opengauss_01_0023__section12240521161213"><h4 class="sectiontitle">Procedure</h4><ol id="opengauss_01_0023__o5122a84f2f3041488dd9938990d29812"><li id="opengauss_01_0023__l2a89654d560e446b8760666cba0edfde"><span>Log in to the management console.</span></li><li id="opengauss_01_0023__l2eecfc0aac424e4c8fd8493299d1da9c"><span>Under <strong id="opengauss_01_0023__b7840165817453">Network</strong>, click <strong id="opengauss_01_0023__b1184115854514">Virtual Private Cloud</strong>.</span></li><li id="opengauss_01_0023__la55df1e0e3314d8c9b4b4bf6eb0ce2de"><span>In the navigation pane on the left, choose <strong id="opengauss_01_0023__b16267200134612">Access Control</strong> > <strong id="opengauss_01_0023__b52671602463">Security Groups</strong>.</span></li><li id="opengauss_01_0023__lde290cc48569482c86a787dda890bc52"><span>On the <strong id="opengauss_01_0023__b164561211463">Security Groups</strong> page, locate the target security group and click <strong id="opengauss_01_0023__b045619164618">Manage Rule</strong> in the <strong id="opengauss_01_0023__b1745711112468">Operation</strong> column.</span></li><li id="opengauss_01_0023__l32066455e58d4ee48da985dc06262d9e"><span>On the displayed page, click <strong id="opengauss_01_0023__b168321234460">Add Rule</strong>.</span></li><li id="opengauss_01_0023__l6d0fb9c789ec43ab8641abbe09db6197"><span>In the displayed dialog box, set the required parameters to add an inbound rule: the protocol and port on which the DB instance listens, and the <strong>Source</strong> (the security group or the IP addresses of the ECSs that are allowed to connect).</span></li><li id="opengauss_01_0023__l7d025d16fa7d42b891a94c74da6eb5b6"><span>Click <strong id="opengauss_01_0023__b10514724617">OK</strong>.</span></li></ol>
</div>
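<p>The following Python script is an added example, not code from the GaussDB(openGauss) documentation, the GaussDB project or the cloud platform. It illustrates the inbound rule added in the procedure above together with the 0.0.0.0/0 caveat from the Precautions section. It models security group rules as plain dictionaries (a constructed, simplified shape; the console and API field names differ), assumes a database port of 8000 and a security group ID prefix of <code>sg-</code> purely for illustration, and runs the checks a practitioner would want before confirming a rule: whether a given ECS actually gets through to the database port, whether that port is exposed to every address, and whether the rule count stays within the 50 / 500 limits quoted above. It also rewrites an over-broad rule to a narrowed Source so the weak and the corrected configuration can be compared side by side.</p>

```python
"""Audit inbound security group rules for a GaussDB(openGauss) DB instance.

Added example; not code from the product documentation, the GaussDB project
or the cloud platform. Rules are modelled as plain dictionaries (a constructed,
simplified shape); DB_PORT and the "sg-" prefix are assumptions for this example.
"""
import ipaddress

MAX_RULES_DEFAULT = 500      # default cap on rules per security group (from Precautions)
RECOMMENDED_MAX_RULES = 50   # advised limit to avoid first-packet latency (from Precautions)
DB_PORT = 8000               # assumed database port for the example; use your instance's port

# Constructed sample group, as it might look after accepting the default Source.
SAMPLE_RULES = [
    {"direction": "inbound", "protocol": "tcp", "port_min": DB_PORT, "port_max": DB_PORT,
     "source": "0.0.0.0/0", "description": "db access (default Source left in place)"},
    {"direction": "inbound", "protocol": "tcp", "port_min": 22, "port_max": 22,
     "source": "192.168.1.0/24", "description": "ssh from ops subnet"},
    {"direction": "outbound", "protocol": "any", "port_min": 1, "port_max": 65535,
     "source": "0.0.0.0/0", "description": "default outbound allow"},
]


def _source_matches(source, client_ip, client_sg):
    """Source is either a CIDR block or a security group ID (assumed 'sg-' prefix)."""
    if source.startswith("sg-"):
        return source == client_sg
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(source, strict=False)


def rule_allows(rule, client_ip, port, client_sg=None, protocol="tcp"):
    """True if this single inbound rule admits client_ip to port."""
    if rule["direction"] != "inbound":
        return False
    if rule["protocol"] not in ("any", protocol):
        return False
    if not rule["port_min"] <= port <= rule["port_max"]:
        return False
    return _source_matches(rule["source"], client_ip, client_sg)


def is_allowed(rules, client_ip, port, client_sg=None):
    """Security group rules are allow-only: any matching inbound rule admits the packet."""
    return any(rule_allows(r, client_ip, port, client_sg) for r in rules)


def overbroad_db_rules(rules, db_port=DB_PORT):
    """Inbound rules that expose db_port to every address (0.0.0.0/0 or ::/0)."""
    found = []
    for r in rules:
        if r["direction"] != "inbound" or r["source"].startswith("sg-"):
            continue
        net = ipaddress.ip_network(r["source"], strict=False)
        if net.prefixlen == 0 and r["port_min"] <= db_port <= r["port_max"]:
            found.append(r)
    return found


def rule_count_status(rules):
    """'ok', 'over_recommended' (more than 50) or 'over_limit' (more than 500)."""
    n = len(rules)
    if n > MAX_RULES_DEFAULT:
        return "over_limit"
    if n > RECOMMENDED_MAX_RULES:
        return "over_recommended"
    return "ok"


def harden(rules, allowed_source, db_port=DB_PORT):
    """Copy of rules with every over-broad DB rule's Source narrowed to allowed_source."""
    broad = overbroad_db_rules(rules, db_port)
    hardened = []
    for r in rules:
        if r in broad:
            hardened.append({**r, "source": allowed_source,
                             "description": r["description"] + " (Source narrowed)"})
        else:
            hardened.append(dict(r))
    return hardened


if __name__ == "__main__":
    for r in overbroad_db_rules(SAMPLE_RULES):
        print("over-broad:", r["description"])
    fixed = harden(SAMPLE_RULES, "sg-app-servers")
    print("arbitrary VPC host on the DB port, before/after:",
          is_allowed(SAMPLE_RULES, "10.0.0.5", DB_PORT),
          is_allowed(fixed, "10.0.0.5", DB_PORT))
    print("app server in sg-app-servers, after:",
          is_allowed(fixed, "10.0.0.5", DB_PORT, client_sg="sg-app-servers"))
    print("rule count:", rule_count_status(SAMPLE_RULES))
```

<p>Running the script against the sample group reports the database rule as over-broad, shows that an arbitrary host in the VPC reaches the database port before hardening but not after, and confirms that a member of the narrowed security group still gets through. Narrowing by security group rather than by individual ECS IP address keeps the rule valid when application servers are replaced, which also helps stay under the recommended 50 rules per group.</p>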
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="opengauss_01_0020.html">Connecting to a DB Instance Over a Private Network</a></div>
</div>
</div>