If you use a self-managed data store that is deployed on an Elastic Compute Service (ECS) instance, you must configure a security group for the ECS instance so that resource groups can read data from and write data to the data store. This topic describes how to configure the security group of an ECS instance that hosts a self-managed data store to allow access from different types of resource groups.

Prerequisites

  1. Network connectivity is configured between the resource group and the data store to be accessed. For more information, see Select a network connectivity solution.
  2. If the data store is configured with a whitelist, make sure that the IP addresses and classless inter-domain routing (CIDR) blocks of the resource group are added to the whitelist. For more information, see Configure a whitelist.

Configure a security group

The security group rule that you must configure depends on the type of resource group that runs the sync nodes that read data from or write data to the self-managed data store on your ECS instance.
  • Exclusive resource group for Data Integration
    You must add the Elastic IP Address (EIP) CIDR block or vSwitch CIDR block of the exclusive resource group and the specific ports to your security group rule.
    • To synchronize data over the Internet, you must obtain and add the EIP CIDR block of the exclusive resource group and the specific ports to your security group rule.
    • To synchronize data to or from a data store in a virtual private cloud (VPC), you must obtain and add the vSwitch CIDR block of the exclusive resource group and the specific ports to your security group rule.
    For more information about exclusive resource groups for Data Integration, see Obtain the IP address and CIDR block of an exclusive resource group for Data Integration. For more information about how to add a security group rule, see Add security group rules.
  • Custom resource group for Data Integration

    You must add internal or public IP addresses of the custom resource group and the specific ports to your security group rule.

    For more information, see Add security group rules.
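
The following check is an added example, not part of the original documentation. It audits a security group's inbound rules against the CIDR blocks of a resource group and the data store port. It reports CIDR blocks that no rule admits and rules that admit the port from a range wider than any of those blocks. The rule field names (modelled on ECS `DescribeSecurityGroupAttribute` output), the sample rules, the addresses and port 3306 are assumptions made for illustration.

```python
import ipaddress

# Constructed sample rules; the field names are assumed to match the Permission
# entries returned by the ECS DescribeSecurityGroupAttribute API.
RULES = [
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "3306/3306", "SourceCidrIp": "192.168.10.0/24"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "3000/4000", "SourceCidrIp": "10.0.0.0/8"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "22/22", "SourceCidrIp": "198.51.100.7/32"},
]

def port_in_range(port, port_range):
    """PortRange has the form 'start/end'; '-1/-1' means all ports."""
    start, end = (int(p) for p in port_range.split("/"))
    return (start, end) == (-1, -1) or start <= port <= end

def audit(rules, source_cidrs, port):
    """Return (missing, too_broad) for TCP access to `port`.

    missing:   resource group CIDR blocks that no accepting inbound rule covers.
    too_broad: accepting inbound rules for the port whose source range is not
               contained in any resource group CIDR block.
    Simplification: rule priority and Drop rules are not evaluated.
    """
    wanted = [ipaddress.ip_network(c) for c in source_cidrs]
    matching = []
    for r in rules:
        if r["Direction"].lower() != "ingress" or r["Policy"].lower() != "accept":
            continue
        if r["IpProtocol"].lower() not in ("tcp", "all"):
            continue
        if port_in_range(port, r["PortRange"]):
            matching.append((ipaddress.ip_network(r["SourceCidrIp"]), r))

    def inside(a, b):  # True if network a lies within network b
        return a.version == b.version and a.subnet_of(b)

    missing = [str(w) for w in wanted
               if not any(inside(w, net) for net, _ in matching)]
    too_broad = [r for net, r in matching
                 if not any(inside(net, w) for w in wanted)]
    return missing, too_broad

if __name__ == "__main__":
    # Constructed values: a vSwitch CIDR block and an EIP CIDR block.
    missing, too_broad = audit(RULES, ["192.168.10.0/24", "203.0.113.16/28"], 3306)
    print("not yet allowed:", missing)
    print("wider than needed:", [r["SourceCidrIp"] for r in too_broad])
```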