An Elastic Compute Service (ECS) security group is a virtual firewall that is used to control the inbound and outbound traffic of ECS instances in the security group. This topic describes how to configure a security group.
Scenarios
After you create a ApsaraDB PolarDB MySQL-compatible edition cluster, you cannot connect to the cluster. You must configure a security group for
the ApsaraDB PolarDB MySQL-compatible edition cluster. Then, the ECS instances in the security group can access the ApsaraDB PolarDB MySQL-compatible edition cluster.
Note
- For more information about security groups and how to configure a security group in the ECS console, see Create a security group.
- You can configure both IP whitelists and security groups. After you add IP addresses to IP whitelists and add ECS instances to security groups of a ApsaraDB PolarDB MySQL-compatible edition cluster, the specified IP addresses and ECS instances can access the cluster.
Precautions
- The network types of a ApsaraDB PolarDB MySQL-compatible edition cluster and its security groups must be the same. For example, if your PolarDB for MySQL cluster is deployed in a virtual private cloud (VPC), you can add only security groups of the VPC type.
- You can create at most 10 security groups for each ApsaraDB PolarDB MySQL-compatible edition cluster.
Procedure
- On the Whitelists page, you can click Select Security Group to add a security group. You can also click Modify in the Actions column to change the security groups that you have added.
- In the Select Security Groups panel, select one or more security groups and click OK.
Note For more information about how to create a security group, see Create a security group.
Related API operations
| API operation | Description |
|---|---|
| DescribeDBClusterAccessWhitelist | Queries the IP addresses that are allowed to access a specified PolarDB for MySQL cluster. |
| ModifyDBClusterAccessWhitelist | Modifies the IP addresses that are allowed to access a specified PolarDB for MySQL cluster. |