Configure Security Group
Last updated: 2020-02-26 15:59:25
A security group is a stateful virtual firewall that filters traffic to control network access for one or more databases. It is an important network security isolation tool provided by Tencent Cloud. A security group is a logical group: you can associate database instances in the same region that share the same network security isolation requirements with the same security group.
- TencentDB security groups currently support network access control only for VPC and public networks, not for basic networks.
- Security groups that support public network access are currently available only in Guangzhou, Shanghai, Beijing, and Chengdu.
- As TencentDB does not have active outbound traffic, outbound rules are not applicable to TencentDB.
- TencentDB for Redis security groups support the master instance, read-only instances, and disaster recovery instances.
- Templates are provided for security groups by default. Please note that:
  - Port 22 opened on Linux: Only TCP port 22 for SSH logins is opened to the public network, while all ports are opened to the private network. This template is not applicable to TencentDB.
  - Port 3389 opened on Windows: Only TCP port 3389 for MSTSC logins is opened to the public network, while all ports are opened to the private network. This template is not applicable to TencentDB.
  - All ports opened: Allows access to TencentDB from all IP addresses, which comes with certain security risks.
Create a Security Group
- Log in to the Cloud Virtual Machine console and select the "Security Group" page in the left sidebar.
- Click CREATE, select or customize a template in Template, enter the security group Name (such as my-security-group), select a Project, enter Remarks (optional), and then click OK.
Configure a Security Group
A security group is an instance-level firewall provided by Tencent Cloud for controlling inbound/outbound traffic of TencentDB. You can associate a security group with an instance when purchasing it or later in the console.
TencentDB for Redis security groups currently support only the VPC TencentDB configuration.
- Log in to the Redis Console and click an instance name in the instance list to enter the instance details page.
- On the Security Group tab, click Configure a Security Group.
- In the pop-up dialog box, select the security group to be bound and click OK.
Delete a Security Group
- Log in to the Security Group Console and select More > Delete in the Operation column.
- In the dialog box that pops up, click OK.
If the current security group is associated with a CVM instance, it must be disassociated before it can be deleted.
Clone a Security Group
- Log in to the Security Group Console and select More > Clone in the Operation column.
- In the pop-up dialog box, select the target region and target project, and click OK.
If the new security group needs to be associated with a CVM instance, do so in the "Manage Instance" section of the security group.
Create Security Group Rules
- Log in to the Security Group Console and click the name of the security group to be updated.
- On the Inbound/Outbound Rules page, click Create a Rule.
- On the rule creation page, configure the rule information. For example, specify the source/destination as 10.0.0.0/0 and the protocol port as TCP:3306, and click Complete.
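The following Python check is an added example, not part of the original Tencent Cloud documentation. It normalises each inbound rule's source and flags ACCEPT rules that admit every address or every port; a /0 prefix such as 10.0.0.0/0 covers the same range as 0.0.0.0/0. The rule dictionaries, their field names and the ACCEPT/DROP/ALL values are constructed for illustration and are not the console's export format.

```python
import ipaddress

# Constructed sample inbound rules. The field names are hypothetical and are
# not the console's export format.
SAMPLE_RULES = [
    {"source": "10.0.0.0/0", "protocol_port": "TCP:3306", "policy": "ACCEPT"},
    {"source": "10.0.8.0/24", "protocol_port": "TCP:6379", "policy": "ACCEPT"},
    {"source": "0.0.0.0/0", "protocol_port": "ALL", "policy": "ACCEPT"},
    {"source": "203.0.113.7", "protocol_port": "TCP:3306", "policy": "ACCEPT"},
    {"source": "0.0.0.0/0", "protocol_port": "TCP:22", "policy": "DROP"},
]


def effective_source(source):
    """Return the network a rule's source really covers.

    strict=False masks off the host bits, so a /0 written on any base
    address (10.0.0.0/0 included) normalises to 0.0.0.0/0.
    """
    return ipaddress.ip_network(source, strict=False)


def audit_inbound(rules):
    """Return (rule index, reasons) for each ACCEPT rule that is too broad."""
    findings = []
    for index, rule in enumerate(rules):
        if rule["policy"].upper() != "ACCEPT":
            continue  # a rule that drops traffic cannot over-expose the instance
        reasons = []
        net = effective_source(rule["source"])
        if net.prefixlen == 0:
            reasons.append(f"source {rule['source']} matches every address")
        if rule["protocol_port"].upper() == "ALL":
            reasons.append("all protocols and ports are allowed")
        if reasons:
            findings.append((index, reasons))
    return findings


if __name__ == "__main__":
    for index, reasons in audit_inbound(SAMPLE_RULES):
        print(f"rule {index}: " + "; ".join(reasons))
```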
Import/Export Security Group Rules
- Log in to the Security Group Console and click the name of the security group to be updated.
- On the Inbound/Outbound Rules page, click Import Rule.
- If you already have a rule, you are recommended to export it first, as importing a rule will overwrite the existing one.
- If the existing rule is empty, first export the template, edit the template file, click Select a Template to select it, and then click Start Import.