forked from docs/doc-exports
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com> Co-authored-by: Wang , Deng Ke <wangdengke2@huawei.com> Co-committed-by: Wang , Deng Ke <wangdengke2@huawei.com>
22 lines
5.4 KiB
HTML
<a name="rds_02_0003"></a>
<h1 class="topictitle1">Configuring Security Group Rules</h1>
<div id="body8662426"><div class="section" id="rds_02_0003__en-us_topic_0192964142_en-us_topic_0192953697_sf45ae489721044578fc3fd08405287ca"><h4 class="sectiontitle">Scenarios</h4><p id="rds_02_0003__en-us_topic_0192964142_en-us_topic_0192953697_p15131117433">A <span class="keyword" id="rds_02_0003__keyword478822104510">security group</span> is a collection of access control rules for <span id="rds_02_0003__text6789421124510">ECS</span>s and <span id="rds_02_0003__text9789132124515">RDS</span> DB instances that have the same security protection requirements and are mutually trusted in a VPC.</p>
<p id="rds_02_0003__en-us_topic_0192964142_en-us_topic_0192953697_en-us_topic_0134327719_p15501545485">This section describes how to create a security group to enable specific IP addresses and ports to access <span id="rds_02_0003__text141681040174519">RDS</span>.</p>
<p id="rds_02_0003__en-us_topic_0192964142_p159312794814">When you attempt to connect to an RDS DB instance through an <span id="rds_02_0003__text1570571194718">EIP</span>, you need to configure an <strong id="rds_02_0003__b370612119473">inbound rule</strong> for the security group associated with the DB instance.</p>
</div>
<div class="section" id="rds_02_0003__en-us_topic_0192964142_en-us_topic_0192953697_s993d56a9d4e041c2a6546bacf61b28de"><h4 class="sectiontitle">Precautions</h4><p id="rds_02_0003__en-us_topic_0192964142_en-us_topic_0192953697_afb7e447fd9ac47c9b5b037b47e272310">The default security group rule allows all outgoing data packets. <span id="rds_02_0003__text153266477458">ECS</span>s and RDS DB instances can access each other if they are deployed in the same security group. After a security group is created, you can configure security group rules to control access from and to the DB instances in the security group.</p>
<ul id="rds_02_0003__en-us_topic_0192964142_en-us_topic_0192953697_u203e859c7265443cba2d4136e35832c7"><li id="rds_02_0003__en-us_topic_0192964142_en-us_topic_0192953697_l4078bf7780a34850be7cec9ed9a1ef1c">By default, you can create a maximum of 500 security group rules.</li><li id="rds_02_0003__li91425013567">One security group can be associated with only one RDS DB instance.</li><li id="rds_02_0003__en-us_topic_0192964142_en-us_topic_0192953697_lda26356485ec44c999d68471c3283e3d">Too many security group rules will increase the first packet latency. You are advised to create no more than 50 rules for each security group.</li><li id="rds_02_0003__en-us_topic_0192964142_en-us_topic_0192953697_l8d5faae460b64fbf8874b71087c5cbd5">To enable access to an RDS DB instance from resources outside the security group, you need to configure an <strong id="rds_02_0003__b564765484510">inbound rule</strong> for the security group associated with the RDS DB instance.</li></ul>
<div class="note" id="rds_02_0003__en-us_topic_0192964142_en-us_topic_0192953697_ned3aaa55f96f4c2fa40849188b16092b"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="rds_02_0003__en-us_topic_0192964142_en-us_topic_0192953697_en-us_topic_0134327719_p147943013223">If you use <strong id="rds_02_0003__b1481042211120">0.0.0.0/0</strong>, RDS DB instances in the security group can be accessed from any IP address.</p>
</div></div>
</div>
<div class="section" id="rds_02_0003__en-us_topic_0192964142_en-us_topic_0192953697_s1180e3b90880473c9b18090acab38155"><h4 class="sectiontitle">Procedure</h4><ol id="rds_02_0003__en-us_topic_0192964142_en-us_topic_0192953697_o5122a84f2f3041488dd9938990d29812"><li id="rds_02_0003__en-us_topic_0192953697_l2a89654d560e446b8760666cba0edfde"><span>Log in to the management console.</span></li><li id="rds_02_0003__en-us_topic_0192964142_en-us_topic_0192953697_l2eecfc0aac424e4c8fd8493299d1da9c"><span>Under <strong id="rds_02_0003__b8443172114137">Network</strong>, click <strong id="rds_02_0003__b12445132161312">Virtual Private Cloud</strong>.</span></li><li id="rds_02_0003__en-us_topic_0192964142_en-us_topic_0192953697_la55df1e0e3314d8c9b4b4bf6eb0ce2de"><span>In the navigation pane on the left, choose <strong id="rds_02_0003__b18710122221316">Access Control</strong> &gt; <strong id="rds_02_0003__b1671152218133">Security Groups</strong>.</span></li><li id="rds_02_0003__en-us_topic_0192964142_en-us_topic_0192953697_lde290cc48569482c86a787dda890bc52"><span>On the <strong id="rds_02_0003__b10113424171313">Security Groups</strong> page, locate the target security group and click <strong id="rds_02_0003__b1511472461319">Manage Rule</strong> in the <strong id="rds_02_0003__b1511622419132">Operation</strong> column.</span></li><li id="rds_02_0003__en-us_topic_0192964142_en-us_topic_0192953697_l32066455e58d4ee48da985dc06262d9e"><span>On the displayed page, click <strong id="rds_02_0003__b255762631316">Add Rule</strong>.</span></li><li id="rds_02_0003__en-us_topic_0192964142_en-us_topic_0192953697_l6d0fb9c789ec43ab8641abbe09db6197"><span>In the displayed dialog box, set the required parameters to add an inbound rule.</span></li><li id="rds_02_0003__en-us_topic_0192964142_en-us_topic_0192953697_l7d025d16fa7d42b891a94c74da6eb5b6"><span>Click <strong id="rds_02_0003__b198111385146">OK</strong>.</span></li></ol>
</div>
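<p>After adding the inbound rule, the resulting rule set can be checked against the precautions above (the <strong>0.0.0.0/0</strong> note and the advised limit of 50 rules). The following audit is an added example, not part of the original documentation or any product tooling; the rule field names, the sample rules and the use of PostgreSQL's default port 5432 are assumptions made for illustration.</p>

```python
import ipaddress

PG_PORT = 5432          # assumption: the DB instance listens on PostgreSQL's default port
ADVISED_MAX_RULES = 50  # per-group figure advised in the Precautions section

# Constructed sample rules; field names are hypothetical, not a cloud API schema.
SAMPLE_RULES = [
    {"direction": "inbound", "protocol": "tcp", "ports": "5432", "source": "0.0.0.0/0"},
    {"direction": "inbound", "protocol": "tcp", "ports": "5432", "source": "203.0.113.10/32"},
    {"direction": "inbound", "protocol": "tcp", "ports": "1-65535", "source": "198.51.100.0/24"},
    {"direction": "inbound", "protocol": "tcp", "ports": "22", "source": "0.0.0.0/0"},
    {"direction": "outbound", "protocol": "all", "ports": "all", "source": "0.0.0.0/0"},
]

def port_matches(spec, port):
    """True if a port spec ('5432', '5000-6000', 'all') includes the port."""
    spec = str(spec).strip().lower()
    if spec in ("all", "any", ""):
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def audit(rules, db_port=PG_PORT):
    """Return (rule_index, message) findings for inbound rules that reach db_port."""
    findings = []
    if len(rules) > ADVISED_MAX_RULES:
        findings.append((None, f"{len(rules)} rules exceed the advised {ADVISED_MAX_RULES}"))
    for i, rule in enumerate(rules):
        if rule["direction"] != "inbound":
            continue  # outbound packets are allowed by the default rule
        if rule["protocol"].lower() not in ("tcp", "all"):
            continue
        if not port_matches(rule["ports"], db_port):
            continue
        net = ipaddress.ip_network(rule["source"], strict=False)
        if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0
            findings.append((i, f"port {db_port} open to any address ({net})"))
        elif str(rule["ports"]).strip() != str(db_port):
            findings.append((i, f"port spec {rule['ports']} is broader than {db_port}"))
    return findings

if __name__ == "__main__":
    for index, message in audit(SAMPLE_RULES):
        print(f"rule {index}: {message}")
```
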
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rds_02_0018.html">Connecting to a PostgreSQL DB Instance Through a Public Network</a></div>
</div>
</div>