Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com> Co-authored-by: Wang , Deng Ke <wangdengke2@huawei.com> Co-committed-by: Wang , Deng Ke <wangdengke2@huawei.com>
<a name="rds_02_0014"></a><a name="rds_02_0014"></a>
<h1 class="topictitle1">Configuring Security Group Rules</h1>
<div id="body8662426"><div class="section" id="rds_02_0014__en-us_topic_0192953697_sf45ae489721044578fc3fd08405287ca"><h4 class="sectiontitle">Scenarios</h4><p id="rds_02_0014__en-us_topic_0192953697_p15131117433">A <span class="keyword" id="rds_02_0014__keyword6450182572716">security group</span> is a collection of access control rules for <span id="rds_02_0014__text15456725182715">ECS</span>s and <span id="rds_02_0014__text11456162510271">RDS</span> DB instances that have the same security protection requirements and are mutually trusted in a VPC.</p>
<p id="rds_02_0014__en-us_topic_0192953697_en-us_topic_0134327719_p15501545485">This section describes how to create a security group to enable specific IP addresses and ports to access <span id="rds_02_0014__text1921283011285">RDS</span>.</p>
<p id="rds_02_0014__en-us_topic_0192953697_p96833894311">First, check whether the ECS and RDS DB instance are in the same security group.</p>
<ul id="rds_02_0014__en-us_topic_0192953697_ul144352480228"><li id="rds_02_0014__en-us_topic_0192953697_li1443519484221">If the ECS and RDS DB instance are in the same security group, they can communicate with each other by default. No security group rule needs to be configured. Go to <a href="rds_02_0016.html">Connecting to a DB Instance Through psql</a>.</li><li id="rds_02_0014__en-us_topic_0192953697_li1443574832217">If the ECS and RDS DB instance are in different security groups, you need to configure security group rules for each of them separately.<ul id="rds_02_0014__en-us_topic_0192953697_ul74351648182211"><li id="rds_02_0014__en-us_topic_0192953697_li743520483225">RDS DB instance: Configure an <strong id="rds_02_0014__b17464119161713">inbound rule</strong> for the security group with which the RDS DB instance is associated.</li><li id="rds_02_0014__en-us_topic_0192953697_li124352488226">ECS: The default security group rule allows all outgoing data packets. In this case, you do not need to configure a security group rule for the ECS. If not all outbound traffic is allowed in the security group, you need to configure an <strong id="rds_02_0014__b213312610175">outbound rule</strong> for the ECS.</li></ul>
</li></ul>
</div>
<div class="section" id="rds_02_0014__en-us_topic_0192953697_s993d56a9d4e041c2a6546bacf61b28de"><h4 class="sectiontitle">Precautions</h4><p id="rds_02_0014__en-us_topic_0192953697_afb7e447fd9ac47c9b5b037b47e272310">The default security group rule allows all outgoing data packets. <span id="rds_02_0014__text108017360289">ECS</span>s and RDS DB instances can access each other if they are deployed in the same security group. After a security group is created, you can configure security group rules to control access from and to the DB instances in the security group.</p>
<ul id="rds_02_0014__en-us_topic_0192953697_u203e859c7265443cba2d4136e35832c7"><li id="rds_02_0014__li1349111512617">By default, a tenant can create a maximum of 100 security groups.</li><li id="rds_02_0014__l4078bf7780a34850be7cec9ed9a1ef1c">By default, each security group can have a maximum of 50 security group rules.</li><li id="rds_02_0014__li1047115112910">One security group can be associated with only one RDS DB instance.</li><li id="rds_02_0014__lda26356485ec44c999d68471c3283e3d">Too many security group rules will increase the first packet latency. You are advised to create no more than 50 rules for each security group.</li><li id="rds_02_0014__en-us_topic_0192953697_l8d5faae460b64fbf8874b71087c5cbd5">To enable access to an RDS DB instance from resources outside the security group, you need to configure an <strong id="rds_02_0014__b1435795792813">inbound rule</strong> for the security group associated with the RDS DB instance.</li></ul>
<div class="note" id="rds_02_0014__en-us_topic_0192953697_ned3aaa55f96f4c2fa40849188b16092b"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="rds_02_0014__en-us_topic_0192953697_en-us_topic_0134327719_p147943013223">If you use <strong id="rds_02_0014__b09691414293">0.0.0.0/0</strong>, RDS DB instances in the security group can be accessed from any IP address.</p>
</div></div>
</div>
<div class="section" id="rds_02_0014__en-us_topic_0192953697_s1180e3b90880473c9b18090acab38155"><h4 class="sectiontitle">Procedure</h4><ol id="rds_02_0014__en-us_topic_0192953697_o5122a84f2f3041488dd9938990d29812"><li id="rds_02_0014__en-us_topic_0192953697_l2a89654d560e446b8760666cba0edfde"><span>Log in to the management console.</span></li><li id="rds_02_0014__en-us_topic_0192953697_l2eecfc0aac424e4c8fd8493299d1da9c"><span>Under <strong id="rds_02_0014__en-us_topic_0192953697_b18497236152318">Network</strong>, click <strong id="rds_02_0014__en-us_topic_0192953697_b14983361232">Virtual Private Cloud</strong>.</span></li><li id="rds_02_0014__la55df1e0e3314d8c9b4b4bf6eb0ce2de"><span>In the navigation pane on the left, choose <strong id="rds_02_0014__b27572045202014">Access Control</strong> &gt; <strong id="rds_02_0014__b47581745122010">Security Groups</strong>.</span></li><li id="rds_02_0014__lde290cc48569482c86a787dda890bc52"><span>On the displayed page, locate the target security group and click <strong id="rds_02_0014__b667112497541">Manage Rule</strong> in the <strong id="rds_02_0014__b96711149195412">Operation</strong> column.</span></li><li id="rds_02_0014__en-us_topic_0192953697_l32066455e58d4ee48da985dc06262d9e"><span>On the displayed page, click <strong id="rds_02_0014__en-us_topic_0192953697_b1788017456234">Add Rule</strong>.</span></li><li id="rds_02_0014__en-us_topic_0192953697_l6d0fb9c789ec43ab8641abbe09db6197"><span>In the displayed dialog box, set the required parameters to add an inbound rule.</span></li><li id="rds_02_0014__en-us_topic_0192953697_l7d025d16fa7d42b891a94c74da6eb5b6"><span>Click <strong id="rds_02_0014__en-us_topic_0192953697_b8570194995010">OK</strong>.</span></li></ol>
</div>
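<p>The precautions above (the 50-rule default and the effect of <strong>0.0.0.0/0</strong>) and the inbound rule added in the procedure can be checked with a short script. This is an added example, not part of the original documentation: the rule fields (<code>direction</code>, <code>protocol</code>, <code>port_min</code>, <code>port_max</code>, <code>cidr</code>), the function names and port 5432 are assumptions, and the sample rules are constructed.</p>

```python
import ipaddress

DB_PORT = 5432    # assumption: PostgreSQL default port; use the instance's real port
MAX_RULES = 50    # default per-group rule limit stated in the precautions

def covers_port(rule, port):
    """True if the rule's protocol and port range include the given TCP port."""
    if rule["protocol"] not in ("tcp", "all"):
        return False
    lo, hi = rule.get("port_min"), rule.get("port_max")
    if lo is None:                      # no range given means every port
        return True
    return lo <= port <= (hi if hi is not None else lo)

def audit_group(rules, ecs_ip, db_port=DB_PORT):
    """Return sorted findings for the security group attached to the RDS instance."""
    findings = set()
    ecs = ipaddress.ip_address(ecs_ip)
    ecs_allowed = False
    if len(rules) > MAX_RULES:
        findings.add("over-rule-limit")
    for rule in rules:
        if rule["direction"] != "inbound" or not covers_port(rule, db_port):
            continue
        net = ipaddress.ip_network(rule["cidr"], strict=False)
        if net.prefixlen == 0:          # 0.0.0.0/0 or ::/0: reachable from any address
            findings.add("db-port-open-to-any")
        if rule.get("port_min") is None or rule["port_min"] != rule.get("port_max"):
            findings.add("port-range-wider-than-db-port")
        if ecs.version == net.version and ecs in net:
            ecs_allowed = True
    if not ecs_allowed:                 # the ECS still cannot reach the DB port
        findings.add("ecs-not-allowed")
    return sorted(findings)

# Constructed sample rule sets (hypothetical schema, not exported from a real account).
WEAK = [{"direction": "inbound", "protocol": "tcp",
         "port_min": 1, "port_max": 65535, "cidr": "0.0.0.0/0"}]
TIGHT = [
    {"direction": "inbound", "protocol": "tcp",
     "port_min": 5432, "port_max": 5432, "cidr": "192.168.0.15/32"},
    {"direction": "outbound", "protocol": "all",
     "port_min": None, "port_max": None, "cidr": "0.0.0.0/0"},
]

if __name__ == "__main__":
    print(audit_group(WEAK, "192.168.0.15"))
    print(audit_group(TIGHT, "192.168.0.15"))
```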
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rds_02_0013.html">Connecting to a PostgreSQL DB Instance Through a Private Network</a></div>
</div>
</div>