This topic describes how to configure security groups in the Data Management Service (DMS) console.
Prerequisites
- You have the required permissions and have logged on to the DMS console with one of the following accounts:
  - Alibaba Cloud account: Log on to the DMS console.
  - Resource Access Management (RAM) user: Log on to the Alibaba Cloud console as a RAM user and then go to the DMS console.
Configure global settings
In the DMS console, click Security Group Settings in the upper-right corner. The Security Group Settings dialog box appears.
Click the Automatic Task Settings tab. On this tab, select Allow or Not Allow based on your needs, and click OK to save the settings.
Note
- Allow
When Allow is selected, DMS can automatically configure security groups for Elastic Compute Service (ECS) instances. You must activate AliyunDMSDefaultRole first. If you log on with an Alibaba Cloud account, activate AliyunDMSDefaultRole in the Cloud Resource Authorization dialog box in the DMS console. If you log on as a RAM user, go to the Cloud Resource Access Authorization page to activate AliyunDMSDefaultRole.
- Not Allow
When Not Allow is selected, DMS may reject your requests to log on to ECS instances or databases that are deployed on ECS instances. You must manually configure security groups and access rules.
Configure access rules
In the DMS console, click Security Group Settings in the upper-right corner. The Security Group Settings dialog box appears.
Click the Access Rule Settings tab. On this tab, configure access rules based on your needs and click OK to save the settings.
Note
The Access Rule Settings tab contains the following parameters:
- Region: the region where your ECS instances reside, for example, China (Shenzhen), China (Qingdao), or China (Beijing).
- Security Group ID: the ID of a security group you have created.
- Add Access Rule: You can select Private Network or Public Network to add the IP address or Classless Inter-Domain Routing (CIDR) block of DMS to the specified security group. In this way, DMS can access the corresponding ECS instance through the specified private network or public network.
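After an access rule is added, whether automatically or manually, it is worth checking that the security group admits DMS on the database port and nothing broader. The following audit sketch is an added example, not part of the DMS documentation. It assumes the rules were exported as a list shaped like the Permission entries of the ECS DescribeSecurityGroupAttribute response; the sample rules are constructed, and `DMS_CIDR` is a placeholder for the address that the console shows.

```python
import ipaddress

# Constructed sample: entries shaped like the Permission list returned by the
# ECS DescribeSecurityGroupAttribute API (field names assumed, values made up).
SAMPLE_RULES = [
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "3306/3306", "SourceCidrIp": "198.51.100.0/24"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "22/22", "SourceCidrIp": "0.0.0.0/0"},
    {"Direction": "ingress", "Policy": "Drop", "IpProtocol": "TCP",
     "PortRange": "1/65535", "SourceCidrIp": "203.0.113.0/24"},
]

# Placeholder for the DMS address or CIDR block (documentation range, not real).
DMS_CIDR = "198.51.100.0/24"


def port_in_range(port_range, port):
    """PortRange is 'low/high'; '-1/-1' means all ports."""
    if port_range == "-1/-1":
        return True
    low, high = (int(p) for p in port_range.split("/"))
    return low <= port <= high


def audit(rules, dms_cidr, db_port):
    """Report which accept rules admit DMS on db_port and which admit any source.

    Rule priority and Drop rules are not evaluated here.
    """
    dms = ipaddress.ip_network(dms_cidr)
    allowed_by, open_to_all = [], []
    for rule in rules:
        if rule["Direction"] != "ingress" or rule["Policy"] != "Accept":
            continue
        src = ipaddress.ip_network(rule["SourceCidrIp"], strict=False)
        if src.prefixlen == 0:
            # /0 source: the port is reachable from every address.
            open_to_all.append(rule["PortRange"])
        covers = src.version == dms.version and dms.subnet_of(src)
        if covers and port_in_range(rule["PortRange"], db_port):
            allowed_by.append(rule["SourceCidrIp"])
    return {"allowed_by": allowed_by, "open_to_all": open_to_all}


if __name__ == "__main__":
    print(audit(SAMPLE_RULES, DMS_CIDR, 3306))
```

An empty `allowed_by` list means DMS requests to that port are not covered by any accept rule, and any entry in `open_to_all` is a rule to narrow to the DMS address.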