All Products
Search
Document Center

Configure security groups

Last Updated: May 08, 2020

This topic describes how to configure security groups in the Data Management Service (DMS) console.

Prerequisites

Configure global settings

  1. In the DMS console, click Security Group Settings in the upper-right corner. The Security Group Settings dialog box appears. Security Group Settings dialog box

  2. Click the Automatic Task Settings tab. On this tab, select Allow or Not Allow based on your needs, and click OK to save the settings.

    Note

    • Allow

    When Allow is selected, DMS can automatically configure security groups for Elastic Compute Service (ECS) instances. You must activate AliyunDMSDefaultRole first. If you log on with an Alibaba Cloud account, activate AliyunDMSDefaultRole in the Cloud Resource Authorization dialog box in the DMS console.If you log on as a RAM user, go to the Cloud Resource Access Authorization page to activate AliyunDMSDefaultRole.

    • Not Allow

    When Not Allow is selected, DMS may reject your requests to log on to ECS instances or databases that are deployed on ECS instances. You must manually configure security groups and access rules.

Configure access rules

  1. In the DMS console, click Security Group Settings in the upper-right corner. The Security Group Settings dialog box appears.Security Group Settings dialog box

  2. Click the Access Rule Settings tab. On this tab, configure access rules based on your needs and click OK to save the settings.

    Note

    The Access Rule Settings tab contains the following parameters:

    • Region: the region where your ECS instances reside, for example, China (Shenzhen), China (Qingdao), or China (Beijing).

    • Security Group ID: the ID of a security group you have created.

    • Add Access Rule: You can select Private Network or Public Network to add the IP address or Classless Inter-Domain Routing (CIDR) block of DMS to the specified security group. In this way, DMS can access the corresponding ECS instance through the specified private network or public network.