If you use a self-managed data store on an Elastic Compute Service (ECS) instance, you must configure a security group for the ECS instance so that resource groups can read data from and write data to the data store. This topic shows you how to configure a security group for an ECS instance that hosts a self-managed data store to allow access from different types of resource groups.
Prerequisites
- Network connectivity is configured between the resource group and the data store to be accessed. For more information, see Select a network connectivity solution.
- If the data store is configured with a whitelist, make sure that the IP addresses and classless inter-domain routing (CIDR) blocks of the resource group are added to the whitelist. For more information, see Configure a whitelist.
Configure a security group
The security group rule to be configured varies based on the type of resource group that is used to run sync nodes to read data from or write data to a self-managed data store deployed on your ECS instance.
- Exclusive resource group for Data Integration
  You must add the Elastic IP Address (EIP) CIDR block or vSwitch CIDR block of the exclusive resource group and the specific ports to your security group rule.
  - To synchronize data over the Internet, you must obtain and add the EIP CIDR block of the exclusive resource group and the specific ports to your security group rule.
  - To synchronize data to or from a data store in a virtual private cloud (VPC), you must obtain and add the vSwitch CIDR block of the exclusive resource group and the specific ports to your security group rule.
- Custom resource group for Data Integration
  You must add internal or public IP addresses of the custom resource group and the specific ports to your security group rule.
For more information, see Add security group rules.
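The following check is an added example, not part of the original documentation: it audits a set of inbound rules to confirm that the resource group's EIP or vSwitch CIDR blocks can reach the data store port, and that no rule opens that port to a wider source than those blocks. The rule fields (`IpProtocol`, `PortRange`, `SourceCidrIp`, `Policy`) are assumed to follow the ECS security group rule format; the CIDR blocks, port 3306, and the function names are constructed for illustration.

```python
import ipaddress

def port_in_range(port, port_range):
    """PortRange uses the 'start/end' form, e.g. '3306/3306'; '-1/-1' means all ports."""
    start, end = (int(p) for p in port_range.split("/"))
    return (start, end) == (-1, -1) or start <= port <= end

def within(inner, outer):
    """True if `inner` is contained in `outer` (same IP version only)."""
    return inner.version == outer.version and inner.subnet_of(outer)

def audit_ingress(rules, resource_group_cidrs, port):
    """Return (uncovered, too_broad) for the data store `port`.

    uncovered: resource group CIDR blocks that no Accept rule admits.
    too_broad: Accept rules whose source extends beyond the resource group blocks.
    Simplification (assumption): Drop rules and rule priority are not evaluated.
    """
    wanted = [ipaddress.ip_network(c) for c in resource_group_cidrs]
    accepts = []
    for rule in rules:
        if rule["Policy"].lower() != "accept":
            continue
        if rule["IpProtocol"].lower() not in ("tcp", "all"):
            continue
        if port_in_range(port, rule["PortRange"]):
            src = ipaddress.ip_network(rule["SourceCidrIp"], strict=False)
            accepts.append((src, rule))
    uncovered = [str(w) for w in wanted
                 if not any(within(w, src) for src, _ in accepts)]
    too_broad = [r for src, r in accepts
                 if not any(within(src, w) for w in wanted)]
    return uncovered, too_broad

# Constructed sample values: EIP block (Internet sync) and vSwitch block (VPC sync).
RG_CIDRS = ["203.0.113.0/28", "192.168.10.0/24"]

# Weak: every port open to any source.
WEAK_RULES = [{"IpProtocol": "TCP", "PortRange": "1/65535",
               "SourceCidrIp": "0.0.0.0/0", "Policy": "Accept"}]

# Corrected: only the resource group blocks, only the data store port.
FIXED_RULES = [{"IpProtocol": "TCP", "PortRange": "3306/3306",
                "SourceCidrIp": c, "Policy": "Accept"} for c in RG_CIDRS]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("fixed", FIXED_RULES)):
        uncovered, too_broad = audit_ingress(rules, RG_CIDRS, 3306)
        print(name, "uncovered:", uncovered, "too broad:", len(too_broad))
```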