Configure Security Group

Last updated: 2020-02-26 15:59:25

Operation Scenario

A security group is a stateful virtual firewall that filters traffic to control network access for one or more databases. It is an important network security isolation tool provided by Tencent Cloud. A security group is a logical group: you can associate database instances in the same region that share the same network security isolation requirements with the same security group.

  • TencentDB security groups currently support network access control only for VPC and public networks, not for basic networks.
  • Security groups that support public network access are currently available only in Guangzhou, Shanghai, Beijing, and Chengdu.
  • As TencentDB does not have active outbound traffic, outbound rules are not applicable to TencentDB.
  • TencentDB for Redis security group supports the master instance, read-only instances, and disaster recovery instances.
  • Templates are provided for security groups by default. Please note that:
      • Port 22 opened on Linux: Only TCP port 22 for SSH logins is opened to the public network, while all ports are opened to the private network. This template is not applicable to TencentDB.
      • Port 3389 opened on Windows: Only TCP port 3389 for MSTSC logins is opened to the public network, while all ports are opened to the private network. This template is not applicable to TencentDB.
      • All ports opened: Allows access to TencentDB from all IP addresses, which comes with certain security risks.

Directions

Create a Security Group

  1. Log in to the Cloud Virtual Machine console. In the left sidebar, select the "Security Group" page.
  2. Click CREATE, select or customize a template in Template, enter the security group Name (such as my-security-group), select a Project, enter Remarks (optional), and then click OK.

Configure a Security Group

A security group is an instance-level firewall provided by Tencent Cloud for controlling inbound/outbound traffic of TencentDB. You can associate a security group with an instance when purchasing it or later in the console.

TencentDB for Redis security group currently only supports the VPC TencentDB configuration.

  1. Log in to the Redis Console and click an instance name in the instance list to enter the instance details page.
  2. On the Security Group tab, click Configure a Security Group.
  3. In the pop-up dialog box, select the security group to be bound and click OK.

Delete a Security Group

  1. Log in to the Security Group Console and select More > Delete in the Operation column.
  2. In the dialog box that pops up, click OK.

If the current security group is associated with a CVM instance, it must be disassociated before it can be deleted.

Clone a Security Group

  1. Log in to the Security Group Console and select More > Clone in the Operation column.
  2. In the pop-up dialog box, select the target region and target project, and click OK.

If the new security group needs to be associated with a CVM instance, do so in the "Manage Instance" section of the security group.

Create Security Group Rules

  1. Log in to the Security Group Console and click the name of the security group to be updated.
  2. On the Inbound/Outbound Rules page, click Create a Rule.
  3. On the rule creation page, configure the rule information. For example, specify the source/destination as 10.0.0.0/0 and the protocol port as TCP:3306, and then click Complete.
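
The source and protocol port fields above, together with the "All ports opened" template, are where an overly broad rule gets in. The following added example, which is not Tencent Cloud code, audits a list of inbound rules for sources that cover every address and for rules that open all ports. The rule dictionary layout, the issue codes and the sample rules are assumptions constructed for illustration; the masking behaviour is standard CIDR handling in Python's ipaddress module.

```python
import ipaddress

# Constructed sample rules. The dictionary layout is an assumption for this
# example, not the format of the console's exported rule file.
SAMPLE_RULES = [
    {"source": "10.0.0.0/0", "protocol": "TCP", "port": "3306"},
    {"source": "10.0.0.0/8", "protocol": "TCP", "port": "3306"},
    {"source": "0.0.0.0/0", "protocol": "ALL", "port": "ALL"},
    {"source": "192.168.1.10", "protocol": "TCP", "port": "3306"},
]


def effective_network(source):
    """Return the network a source covers once the prefix mask is applied."""
    return ipaddress.ip_interface(source).network


def audit_inbound(rules):
    """Map rule index -> list of issue codes for overly broad inbound rules."""
    findings = {}
    for index, rule in enumerate(rules):
        iface = ipaddress.ip_interface(rule["source"])
        issues = []
        # Address bits beyond the prefix are ignored by CIDR matching, so the
        # written address can suggest a narrower range than the rule covers.
        if iface.ip != iface.network.network_address:
            issues.append("host-bits")
        # A /0 prefix fixes no bits: every address matches (IPv4 or IPv6).
        if iface.network.prefixlen == 0:
            issues.append("any-source")
        if rule["port"].strip().upper() == "ALL":
            issues.append("all-ports")
        if issues:
            findings[index] = issues
    return findings


if __name__ == "__main__":
    for index, issues in audit_inbound(SAMPLE_RULES).items():
        rule = SAMPLE_RULES[index]
        covers = effective_network(rule["source"])
        print(f"rule {index}: {rule['source']} covers {covers}: {', '.join(issues)}")
```

Run against the example source 10.0.0.0/0 from step 3, the audit reports both host-bits and any-source, because a /0 prefix covers 0.0.0.0/0 under CIDR masking.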

Import/Export Security Group Rules

  1. Log in to the Security Group Console and click the name of the security group to be updated.
  2. On the Inbound/Outbound Rules page, click Import Rule.
      • If you already have a rule, we recommend exporting it first, as importing a rule will overwrite the existing one.
      • If the existing rule is empty, first export the template, edit the template file, click Select a Template to select it, and then click Start Import.