ApsaraDB RDS:Configure a security group for an ApsaraDB RDS for MySQL instance

Security groups vs. IP address whitelists

Both methods can be active simultaneously. All IP addresses in configured whitelists and all ECS instances in configured security groups are granted access to the RDS instance.

For more information about IP address whitelists, see Configure an IP address whitelist for an ApsaraDB RDS for MySQL instance.

Limitations

• The security group must have the same network type as the RDS instance. If the RDS instance uses Virtual Private Cloud (VPC), add only VPC-type security groups.

• After you change the network type of an RDS instance, all configured security groups become invalid. Reconfigure the security groups to match the new network type.

• Each RDS instance supports a maximum of 10 security groups.

• Security groups are not supported in some regions. For instances in those regions, use an IP address whitelist instead.

Add a security group

Use this procedure when your ECS application instances need access to the same RDS database. Instead of listing each ECS private IP address in the whitelist, add the ECS security group that contains those instances.

1. Go to the Instances page. In the top navigation bar, select the region where your RDS instance resides. Find the instance and click its ID.

2. In the left-side navigation pane, click Whitelist and SecGroup. On the page that appears, click the Security Group tab.

3. Click Add Security Group.

   Note

   Security groups with a VPC tag contain ECS instances in virtual private clouds. Select the group that matches your RDS instance network type.

   

4. Select the security group and click OK.

What's next

Create accounts and databases

API reference