This topic describes how to configure a security group for an ApsaraDB RDS for MySQL instance. A security group is a virtual firewall that is used to control the inbound and outbound traffic of the Elastic Compute Service (ECS) instances in that security group. After you add a security group to your RDS instance, all the ECS instances in that security group can access the instance.

Scenarios

After your RDS instance is created, you must configure IP address whitelists or security groups for the instance. Otherwise, your RDS instance is inaccessible. For more information about how to configure an IP address whitelist, see Configure an IP address whitelist for an ApsaraDB RDS for PostgreSQL instance.

For more information about security groups, see Create a security group.

Precautions

  • You can configure both IP address whitelists and security groups. All the IP addresses in the configured IP address whitelists and all the ECS instances in the configured security groups are granted access to your RDS instance.
  • A maximum of 10 security groups can be configured for each RDS instance.
  • After the ECS instances in a configured security group are updated, the updates are automatically synchronized to the configured security group.
  • You can configure only a security group that has the same network type as your RDS instance. In this case, the network types of your RDS instance and the security group that you want to configure must both be VPC or classic network.
Note After you change the network type of your RDS instance, the security groups that you configured become invalid. You must configure the security groups of the specified network type again.

Procedure

  1. Go to the Security Group tab.
    1. Log on to the ApsaraDB for RDS console. In the left-side navigation pane, click Instances. In the top navigation bar, select the region where your RDS instance resides.
      选择地域
    2. Find your RDS instance and click its ID. In the left-side navigation pane, click Data Security. On the page that appears, click the Security Group tab.
  2. Click Add Security Group.
    Note Security groups that are followed by a VPC tag contain ECS instances that reside in virtual private clouds (VPCs).
    Add Security Group dialog box
  3. Select the security group that you want to add, and then click OK.

What to do next

Create a database and an account on an ApsaraDB RDS for PostgreSQL instance

Related operations

API Description
DescribeSecurityGroupConfiguration Queries details about the ECS security groups that are associated with an ApsaraDB RDS instance.
ModifySecurityGroupConfiguration Modifies details about the ECS security groups that are associated with an ApsaraDB RDS instance.