Background
A security group is a stateful virtual firewall with filtering capability, used to control network access to one or more CloudDB instances. It is an important means of network security isolation provided by the cloud platform. A security group is a logical grouping: you can add CloudDB instances from the same region with similar network security isolation requirements to the same security group. CloudDB shares the security group list with CVM and others. Security groups are matched based on rules. See Detailed Description of Security Groups for specific rules and restrictions.
Directions
Step 1: Creating Security Groups
Note:
The CloudDB security group currently only supports network control of Virtual Private Cloud (VPC) private network access and does not support network control of basic networks for the time being.
2. Select the Security Group page in the left sidebar, select the region at the top of the right page and click Create.
3. In the pop-up window, complete the following configurations. Confirm and click OK.
Template: Select Custom. After the security group is successfully created, add the security group rules as needed.
Name: Customize the security group name.
Project: By default, select default project, but it can be designated as other projects for easier management.
Remark: It is customized and briefly describes the security group for easier management.
Advanced configuration: Add a tag to the security group.
4. If Template is Custom, click Add rules now in the Note dialog box and perform the following steps.
Step 2: Setting Security Group Inbound Rules
Note:
CloudDB does not actively generate outbound traffic. Therefore, configuring outbound rules has no actual impact on it.
When using Tencent Cloud CVM to connect to TencentDB for CTSDB 3.0, you need to configure outbound rules in the Tencent CVM security group and add the IP address and port of CTSDB 3.0 to the outbound rules. Configure inbound rules in the security group of CTSDB 3.0, and add the IP address and port of CVM to the inbound rules for successful connection.
1. On the Security group rules page, select the Inbound rules tab and click Add rule.
2. In the Add inbound rule pop-up window, set the rules.
Type: Select the default type Custom.
Source: Set the source for accessing the database, namely, the inbound source. The following options are supported.
| Source | Description |
| --- | --- |
| IP address or CIDR block | Use CIDR blocks. IPv4: such as 203.0.113.0, 203.0.113.0/24, or 0.0.0.0/0. 0.0.0.0/0 indicates that all IPv4 addresses are matched. IPv6: such as FF05::B5, FF05:B5::/60, ::/0, or 0::0/0. ::/0 or 0::0/0 indicates that all IPv6 addresses are matched. |
| Parameter template - IP address | |
| Parameter template - IP address group | |
| Security groups | Select a created security group (the same region and same project) from the drop-down list, and reference the source address bound to the security group ID to the current security group. Note: Only the source information on the security group is referenced. The inbound rules will not be added to the current security group. |
| Current Login IP | Use the public IP address of the current terminal that has logged in to the console. This public IP address will be identified and bypassed. |

Protocol port: Fill in the protocol type and port for client access to CTSDB 3.0. You can view the port information in the private network address column of the Instance List. The default is 8086.
Policy: Select Allow by default.
Allow: Access requests of this port are allowed.
Reject: Data packets will be discarded without any response.
Remark: It is customized and briefly describes the rules for easier management.
3. Click OK to complete adding the security group inbound rules.
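An offline check of a planned inbound rule list before it is entered in the console, as an added example that is not Tencent Cloud code: it evaluates constructed rules for the default port 8086 and flags Allow rules whose source is 0.0.0.0/0 or ::/0. The rule dictionary layout, the top-to-bottom first-match ordering, and the reject-when-nothing-matches default are assumptions of this example, not statements from this page.

```python
import ipaddress

CTSDB_PORT = 8086  # default CTSDB 3.0 port stated on this page

# Constructed sample inbound rules, listed top to bottom.
# The dict layout is hypothetical, not the console's export format.
SAMPLE_RULES = [
    {"source": "203.0.113.7", "port": 8086, "policy": "Reject", "remark": "blocked host"},
    {"source": "203.0.113.0/24", "port": 8086, "policy": "Allow", "remark": "app subnet"},
    {"source": "0.0.0.0/0", "port": 8086, "policy": "Allow", "remark": "temporary test"},
    {"source": "::/0", "port": 8086, "policy": "Allow", "remark": "temporary test v6"},
]


def parse_source(source):
    """Accept a single address or a CIDR block; a bare address becomes /32 or /128."""
    return ipaddress.ip_network(source, strict=False)


def evaluate(rules, client_ip, port=CTSDB_PORT):
    """Return the policy of the first matching rule (assumed ordering).

    Assumption: traffic that matches no rule is rejected.
    """
    addr = ipaddress.ip_address(client_ip)
    for rule in rules:
        net = parse_source(rule["source"])
        if rule["port"] == port and addr.version == net.version and addr in net:
            return rule["policy"]
    return "Reject"


def open_to_all(rules):
    """Allow rules whose source matches every IPv4 or IPv6 address (prefix length 0)."""
    return [
        rule for rule in rules
        if rule["policy"] == "Allow" and parse_source(rule["source"]).prefixlen == 0
    ]


if __name__ == "__main__":
    for rule in open_to_all(SAMPLE_RULES):
        print("open to all addresses:", rule["source"], "-", rule["remark"])
    for ip in ("203.0.113.7", "203.0.113.20", "198.51.100.5"):
        print(ip, "->", evaluate(SAMPLE_RULES, ip))
```

With the two flagged rules removed, the address 198.51.100.5 no longer reaches port 8086, while the 203.0.113.0/24 subnet still does.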
Step 3: Binding a Security Group to an Instance
2. At the top of the right page, select Version 3.0.
3. In the Instance list, find the instance to which you want to bind a security group.
4. Click the target instance ID, or click Manage in the Operation column to enter the Instance Details page.
5. Select the Security Group tab, and click Configure Security Group.
6. In the Configure Security Group dialog box, select the created security group and click OK.
More Operations
Adjusting the Priority of Bound Security Groups
2. At the top of the right page, select Version 3.0.
3. In the Instance list, find the instance to which you want to bind a security group.
4. Click the target instance ID, or click Manage in the Operation column to enter the Instance Details page.
5. Select the Security Group tab to view all current security groups of the instance.
6. Click Edit. You can click or in the Operation column to adjust the priority of security groups filtering.
7. Click Save to complete the modification.
Adjusting Inbound and Outbound Rules
1. On the Security Group tab, you can view all current security groups of the instance.
2. In the security group list, click the security group ID/name to jump to the Security Group page.
3. Find the security group rule to be modified, and click Edit in the Operation column to re-edit the security group rules.
Importing Security Group Rules
1. On the Security Group page, select the required security group and click the specific security group ID/name.
2. On the Inbound rules or Outbound rules tab, click Import rule.
3. In the pop-up dialog box, select the edited inbound/outbound rule template files and click Import.
Note:
If there are security group rules under the security groups that need to be imported, it is recommended that you export the existing rules first. Otherwise, when importing new rules, the original rules will be overwritten.
If there is no security group rule under the security group that needs to import rules, it is recommended that you download the template first and then import the file after editing the template file.
Cloning Security Groups
1. On the Security Group page, select More > Clone in the Operation column of the list.
2. In the pop-up dialog box, after selecting the target region and project, click OK.
Deleting Security Groups
1. On the Security Group page, select the security group to be deleted, and choose More > Delete in the Operation column.
2. In the pop-up dialog box, click OK. If the current security group is associated with a CVM, you must disassociate the security group before deleting it.