This topic describes how to configure a security group for an ApsaraDB RDS for MySQL instance. The RDS security group can be associated with an Elastic Compute Service (ECS) security group to allow all ECS instances in the ECS security group to access the RDS instance.
PrerequisitesYour RDS instance runs one of the following MySQL versions:
- MySQL 8.0
- MySQL 5.7
- MySQL 5.6
After your RDS instance is created, you must configure IP address whitelists or security groups for the RDS instance for the specified devices to access the RDS instance. For more information about how to configure an IP address whitelist, see Configure an IP address whitelist for an ApsaraDB RDS for MySQL instance.
ECS security groups are used for access control of ECS instances in the security groups. For more information, see Create a security group.
- The security groups that you can add to your RDS instance must have the same network type as the instance. For example, if the network type of the instance is VPC, you can add only security groups whose network type is VPC to the instance.
- After you change the network type of your RDS instance, the configured security groups become invalid. In this case, you must reconfigure the security groups with the new network type.
- A maximum of 10 security groups are allowed per RDS instance.
- Access RDS Instances, select a region at the top, and then click the ID of the target RDS instance.
- In the left-side navigation pane, click Whitelist and SecGroup. On the page that appears, click the Security Group tab.
- Click Add Security Group.
Note Security groups followed by a VPC tag contain ECS instances that reside in virtual private clouds (VPCs).
- Select the security group that you want to add, and then click OK.
What to do next
|DescribeSecurityGroupConfiguration||Queries details about the ECS security groups that are associated with an instance.|
|ModifySecurityGroupConfiguration||Modifies details about the ECS security groups that are associated with an instance.|