Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com> Co-authored-by: Wang , Deng Ke <wangdengke2@huawei.com> Co-committed-by: Wang , Deng Ke <wangdengke2@huawei.com>
<a name="opengauss_01_0029"></a><a name="opengauss_01_0029"></a>
<h1 class="topictitle1">Step 3: Configure Security Group Rules</h1>
<div id="body8662426"><div class="section" id="opengauss_01_0029__s792ad07bd3ef458bb445b3f1192d58bf"><h4 class="sectiontitle">Scenarios</h4><p id="opengauss_01_0029__a838bd3f491db4952a487f0d26e85c49d">A <span class="keyword" id="opengauss_01_0029__keyword10895223432">security group</span> is a collection of access control rules for ECSs and <span id="opengauss_01_0029__text806199097">GaussDB(openGauss)</span> DB instances that have the same security protection requirements and are mutually trusted in a VPC.</p>
<p id="opengauss_01_0029__a055d0857b3f34086882a19e742828405">To ensure database security and reliability, you need to configure security group rules to allow specific IP addresses and ports to access the <span id="opengauss_01_0029__text810700737">GaussDB(openGauss)</span> DB instances.</p>
<p id="opengauss_01_0029__ae8e502206b4849919989b93655f51da6">When you attempt to connect to a DB instance through an EIP, you need to configure an <strong id="opengauss_01_0029__en-us_topic_0208270916_b67211831858">inbound rule</strong> for the security group associated with the DB instance.</p>
</div>
<div class="section" id="opengauss_01_0029__s1e407784cf164ed89d9fcee7f7da9e62"><h4 class="sectiontitle">Precautions</h4><p id="opengauss_01_0029__aa76118ca5fed4809b8d5757296e8cf70">The default security group rule allows all outbound data packets. ECSs and <span id="opengauss_01_0029__text969561319918">GaussDB(openGauss)</span> DB instances can access each other if they are deployed in the same security group. After a security group is created, you can add security group rules to control access to and from the <span id="opengauss_01_0029__text417416598414">GaussDB(openGauss)</span> DB instance in the security group.</p>
<ul id="opengauss_01_0029__ub3cba8115f2747b19920f6dfb9045327"><li id="opengauss_01_0029__lf06034c99a9a4819b7c7149df9e34c47">By default, you can create up to 500 security group rules.</li><li id="opengauss_01_0029__l280f76747a09483586d420a688c848f1">To prevent high network latency for the first packet, you are advised to create a maximum of 50 rules for each security group.</li><li id="opengauss_01_0029__l8580d75e5a9243ff99ce80f02f00e80b">To access a <span id="opengauss_01_0029__text24316819514">GaussDB(openGauss)</span> DB instance from resources outside the security group, you need to configure an <strong id="opengauss_01_0029__b2436481059">inbound rule</strong> for the security group associated with the DB instance.</li></ul>
<div class="note" id="opengauss_01_0029__n33e18f2cef4f45b9b0004e642b4ff0ee"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="opengauss_01_0029__a286250b856e446618e6441fe2c8e03bd">The default value of <strong id="opengauss_01_0029__b15985115113378">Source</strong> is <strong id="opengauss_01_0029__b20985105114371">0.0.0.0/0</strong>, indicating that all IP addresses can access the <span id="opengauss_01_0029__text1398613515373">GaussDB(openGauss)</span> DB instance in the security group.</p>
</div></div>
</div>
<div class="section" id="opengauss_01_0029__se534411919d14c3da3fa782b42faa74b"><h4 class="sectiontitle">Procedure</h4><ol id="opengauss_01_0029__ofbe1ce945d98494cadc01f1a5405972a"><li id="opengauss_01_0029__l05b0a545ac404fb0a7ee757ad1ee46fb"><span>Log in to the management console.</span></li><li id="opengauss_01_0029__l54ecd15a6a9c46f1b820519fc8020cd8"><span>Under <strong id="opengauss_01_0029__en-us_topic_0208270916_b4897445172">Network</strong>, click <strong id="opengauss_01_0029__en-us_topic_0208270916_b79044411713">Virtual Private Cloud</strong>.</span></li><li id="opengauss_01_0029__l4f9ccccd1553434da58dbd356ba047f9"><span>In the navigation pane on the left, choose <strong id="opengauss_01_0029__en-us_topic_0208270916_b11838434186">Access Control</strong> &gt; <strong id="opengauss_01_0029__en-us_topic_0208270916_b118392310185">Security Groups</strong>.</span></li><li id="opengauss_01_0029__la33b08aca79846a29359d8de4e24d4b5"><span>On the <strong id="opengauss_01_0029__ae551cc14a7d346959cd848665de2a238">Security Groups</strong> page, locate the target security group and click <strong id="opengauss_01_0029__a838ae1732d784ff989b6dc5169531d6c">Manage Rule</strong> in the <strong id="opengauss_01_0029__en-us_topic_0208270916_b680051616183">Operation</strong> column.</span></li><li id="opengauss_01_0029__l083c787489c242d3ab7088eea017765e"><span>On the displayed page, click <strong id="opengauss_01_0029__ab6d6b26301c14c07b96009d4ad5ceada">Add Rule</strong>.</span></li><li id="opengauss_01_0029__l867f673fd88b435d9b5e599abeaf33d3"><span>In the displayed dialog box, set the required parameters to add an inbound rule.</span></li><li id="opengauss_01_0029__l98487bc6f0e8420f9c61d5222e0f1f53"><span>Click <strong id="opengauss_01_0029__en-us_topic_0208270916_b741934071916">OK</strong>.</span></li></ol>
</div>
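<p>The following is an added example, not part of the original documentation or of any vendor tooling: a review of a security group's inbound rules against the points above (a <strong>Source</strong> left at <strong>0.0.0.0/0</strong>, ports wider than the database port, and more than 50 rules in one group). The rule field names, the sample rules and the port value are assumptions made for the illustration.</p>

```python
import ipaddress

RECOMMENDED_MAX_RULES = 50  # per-group maximum the page advises
DB_PORT = 8000              # placeholder: set to your DB instance's port

# Constructed sample rules. The keys are a hypothetical export schema;
# "cidr" is the Source of an inbound rule.
SAMPLE_RULES = [
    {"direction": "inbound", "ports": "8000", "cidr": "0.0.0.0/0"},
    {"direction": "inbound", "ports": "8000", "cidr": "203.0.113.10/32"},
    {"direction": "inbound", "ports": "1-65535", "cidr": "198.51.100.0/24"},
    {"direction": "outbound", "ports": "all", "cidr": "0.0.0.0/0"},
]


def covers_port(ports, port):
    """True if a rule's port spec ('all', 'N' or 'N-M') includes `port`."""
    if ports == "all":
        return True
    low, _, high = ports.partition("-")
    return int(low) <= port <= int(high or low)


def audit_rules(rules, db_port, min_prefix=24):
    """Return (rule_index, finding) tuples; index None refers to the group."""
    findings = []
    if len(rules) > RECOMMENDED_MAX_RULES:
        findings.append((None, "over-recommended-rule-count"))
    for i, rule in enumerate(rules):
        # Only inbound rules that reach the database port are of interest.
        if rule["direction"] != "inbound" or not covers_port(rule["ports"], db_port):
            continue
        source = ipaddress.ip_network(rule["cidr"], strict=False)
        if source.prefixlen == 0:
            # The default Source value: every address may connect.
            findings.append((i, "source-any"))
        elif source.version == 4 and source.prefixlen < min_prefix:
            findings.append((i, "source-broad"))
        if rule["ports"] != str(db_port):
            findings.append((i, "ports-wider-than-db-port"))
    return findings


if __name__ == "__main__":
    for index, finding in audit_rules(SAMPLE_RULES, DB_PORT):
        print(index, finding)
```

<p>The <code>min_prefix</code> threshold is an assumed local policy value, not a platform limit.</p>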
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="opengauss_01_0025.html">Connecting to a DB Instance Over a Public Network</a></div>
</div>
</div>