Overview
A security group is a stateful virtual firewall capable of filtering. As an important means for network security isolation provided by Tencent Cloud, it can be used to set network access controls for one or more TencentDB instances. Instances with the same network security isolation demands in one region can be put into the same security group, which is a logical group. TencentDB and CVM share the security group list and are matched with each other within the security group based on rules. For specific rules and limitations, see Security Groups Overview. You can bind a security group directly during instance purchase or bind one in the console after instance purchase. Note:
TencentDB for Redis® security groups currently only support network access control for VPCs and public networks but not the classic network.
As TencentDB doesn't have any active outbound traffic, outbound rules don't apply to it.
TencentDB for Redis® security groups support master instances, read-only instances, and disaster recovery instances.
Configuring Security Groups for TencentDB
Step 1. Create a security group
2. Select Security Group on the left sidebar, select a region above the instance list on the right, and click Create.
3. In the pop-up window, set the following configuration items, confirm that everything is correct, and click OK.
Template: Select a security group template in the drop-down list.
Open all ports: All ports are opened to the public and private networks. This may present security issues. Security group rules are added by default. You can click a security group template below to view its Outbound Rules* and Inbound Rules**.
- Open ports 22, 80, 443, and 3389 and the ICMP protocol: Ports 22, 80, 443, and 3389 and the ICMP protocol are opened to the internet. All ports are opened to the private network. Security group rules are added by default.
Custom: You can create a security group and then add custom rules.
Name: Custom name of the security group.
Project: Select a project for easier management. By default, Default Project is selected.
Notes: A short description of the security group for easier management.
Advanced Configuration: You can add tags for the security group.
4. If you select Custom for Template, click Set Now in the Note window and perform the following steps.
Step 2. Set inbound rules in the security group
1. On the Inbound Rule tab of the Security Group Rules page, click Add Rules.
2. In the Add Inbound Rules window, set the rules.
Type: Select Custom as the default type.
Source: Set the source for database access, i.e., the inbound source, in the following formats:
|
CIDR notation | A single IPv4 address or an IPv4 range is represented in CIDR notation, such as 203.0.113.0 , 203.0.113.0/24 , or 0.0.0.0/0 , where 0.0.0.0/0 indicates all IPv4 addresses will be matched. A single IPv6 address or an IPv6 range is represented in CIDR notation, such as FF05::B5 , FF05:B5::/60 , ::/0 , or 0::0/0 , where ::/0 or 0::0/0 indicates all IPv6 addresses will be matched. |
Security group ID | Reference a security group ID to match the IP address of the server associated with the security group. |
Parameter template | |
Protocol Port: Enter the protocol type and port for the client to access TencentDB for Redis®. You can view the port information in the Private IPv4 Address in the Network Info section on the Instance Details page. The default port is 6379. If the access protocol is TCP, you can enter TCP:6379
. Policy: Allow or Reject. Allow is selected by default.
Allow: Access requests of this port are allowed.
Reject: Data packets will be discarded without any response.
Notes: A short description of the rule for easier management.
3. Click Complete.
Step 3. Configure the security group for a database instance
Note:
When purchasing an instance, you can directly select the security group to be associated with the instance from the Security Group drop-down list on the purchase page. For more information, see Creating TencentDB for Redis® Instance. After purchase, you can change or add a security group for an instance based on the following steps.
2. Above the Instance List on the right, select the region.
3. In the instance list, find the target instance.
4. Click the instance ID to enter the instance management page.
5. On the Security Group tab, click Configure Security Group.
6. In the Configure Security Group pop-up window, select a created security group. You can filter security group by project name.
7. Click OK.
In the Associated Security Group section, you can view the list of security groups associated with the database instance.
In the Priority column, you can view the priorities of security groups. When two or more security groups are selected, click Edit above the security group list, click or to adjust the priorities of security groups. Configure two or more security groups and click to delete the bound security groups. On the Preview Rules page, you can view the inbound source information of the security group on the Inbound Rules tab.
More operations
Related APIs
|
| Queries the security group information of a project |
| Queries the security group information of an instance |
| Modifies the security groups bound to an instance |
| |
| Unbinds a security group from instances in batches |
Was this page helpful?