A security group is a virtual firewall that controls the inbound and outbound traffic of specific Elastic Compute Service (ECS) instances. After you add a security group to an ApsaraDB for MongoDB instance, the ECS instances in that security group can access the MongoDB instance.
After an ApsaraDB for MongoDB instance is created, you must add a whitelist or security group to the instance to allow external devices to access the instance.
Prerequisites
Before you begin, make sure that you have:
An ApsaraDB for MongoDB instance (replica set or sharded cluster)
An ECS security group with the same network type as the MongoDB instance
If no existing security group meets your requirements, create a security group first.
Limitations
| Constraint | Details |
|---|---|
| Network type | Only security groups with the same network type as the MongoDB instance can be added. For example, if the instance uses VPC, only VPC security groups can be added. |
| Maximum security groups | Up to 10 security groups per MongoDB instance |
| After a network type change | Security groups become invalid when the instance network type changes. Reconfigure security groups using the new network type. |
| Whitelists and security groups | Both can be active simultaneously. IP addresses in whitelists and ECS instances in security groups all have access. |
Add a security group
Go to the Replica Set Instances or Sharded Cluster Instances page. In the top navigation bar, select the region where the instance resides, then click the instance ID. Go to the MongoDB Replica Set Instances or MongoDB Sharded Cluster Instances page. At the top of the page, select a resource group and a region, and then click the ID of the target instance.
In the left-side navigation pane, choose Data Security > Whitelist Settings.
Click Add Security Group.
In the Add Security Group panel, select the security groups to add.
Security groups followed by a VPC tag contain ECS instances that reside in VPCs.
Click OK.
Troubleshooting
If ECS instances cannot access the MongoDB instance after you add a security group, check the following:
Network type mismatch: Confirm the security group's network type matches the instance. VPC instances require VPC security groups.
Security group limit reached: Verify the instance has fewer than 10 security groups configured.
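The checks above and the rules in the Limitations table can be run as a pre-flight audit before changing an instance. The following Python sketch is an added example, not Alibaba Cloud code: the dictionary layout, the field names (`network_type`, `whitelist`, `security_groups`, `ecs_private_ips`) and the sample IDs are hypothetical, and the data is constructed. It also lists every rule that admits a given source IP, because whitelists and security groups grant access together.

```python
import ipaddress

MAX_SECURITY_GROUPS = 10  # per-instance limit from the Limitations table


def check_add(instance, group):
    """Return the reasons `group` cannot be added to `instance` (empty list = OK)."""
    problems = []
    if group["network_type"] != instance["network_type"]:
        problems.append("network type mismatch")
    attached_ids = {g["id"] for g in instance["security_groups"]}
    if group["id"] not in attached_ids and len(attached_ids) >= MAX_SECURITY_GROUPS:
        problems.append("security group limit reached")
    return problems


def access_sources(instance, source_ip):
    """Return every rule that admits `source_ip` (whitelist and groups are a union)."""
    ip = ipaddress.ip_address(source_ip)
    grants = [
        f"whitelist:{cidr}"
        for cidr in instance["whitelist"]
        if ip in ipaddress.ip_network(cidr, strict=False)
    ]
    for group in instance["security_groups"]:
        # A group left over from before a network type change is invalid.
        if group["network_type"] != instance["network_type"]:
            continue
        if source_ip in group["ecs_private_ips"]:
            grants.append(f"security-group:{group['id']}")
    return grants


# Constructed sample data; the model of group membership by private IP is an assumption.
INSTANCE = {
    "network_type": "vpc",
    "whitelist": ["10.0.1.0/24"],
    "security_groups": [
        {"id": "sg-example-a", "network_type": "vpc",
         "ecs_private_ips": ["10.0.1.15", "10.0.2.20"]},
        {"id": "sg-example-old", "network_type": "classic",
         "ecs_private_ips": ["10.0.3.30"]},
    ],
}
```

An address that appears under more than one rule keeps its access when only one of those rules is removed, so review the full list before treating a security group removal as a revocation.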
What's next
For more information about security groups, see Security group overview.