A security group is a stateful virtual firewall that filters network traffic. It is an important means of network security isolation provided by Tencent Cloud and can be used to set network access controls for one or more TencentDB instances. Instances in the same region with the same network security isolation requirements can be put into the same security group, which is a logical group. TencentDB and CVM share the security group list and are matched with each other within the security group based on rules. For specific rules and limitations, see Security Group Overview.
Note:
- TencentDB for PostgreSQL security groups currently only support network access control for VPCs and public networks but not the classic network.
- Security groups that currently support public network access are available only in the Beijing, Shanghai, Guangzhou, and Chengdu regions.
- As TencentDB does not have active outbound traffic, outbound rules are not applicable to TencentDB.
- TencentDB for PostgreSQL primary instances, read-only instances, and read-only instance groups (RO groups) support security groups.
Template | Description | Remarks |
---|---|---|
Open all ports | All ports are open. May present security issues. | - |
Open ports 22, 80, 443, and 3389 and the ICMP protocol | Ports 22, 80, 443, and 3389 and the ICMP protocol are opened to the internet. All ports are opened to the private network. | This template does not take effect for TencentDB. |
Custom | You can create a security group and then add custom rules. For detailed directions, please see "Step 2. Add a security group rule" below. | The custom template is recommended. |
Source or Target | Description |
---|---|
A single IPv4 address or an IPv4 range | In CIDR notation, such as 203.0.113.0, 203.0.113.0/24 or 0.0.0.0/0, where 0.0.0.0/0 indicates all IPv4 addresses will be matched. |
A single IPv6 address or an IPv6 range | In CIDR notation, such as FF05::B5, FF05:B5::/60, ::/0 or 0::0/0, where ::/0 or 0::0/0 indicates all IPv6 addresses will be matched. |
ID of referenced security group. You can reference the ID of: | |
Reference an IP address object or IP address group object in a parameter template. | - |
Note: To connect to TencentDB for PostgreSQL, port 5432 must be opened.
Scenario: you have created a TencentDB for PostgreSQL instance and want to access it from a CVM instance.
Solution: add an inbound security group rule where TCP:5432 is opened.
You can also set Source to all or specific IPs (IP ranges) as needed to allow them to access TencentDB for PostgreSQL from a CVM instance.
Inbound or Outbound | Type | Source | Protocol and Port | Policy |
---|---|---|---|---|
Inbound | Custom | All IPs: 0.0.0.0/0; Specific IPs: specify IPs or IP ranges | TCP:5432 | Allow |
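The following Python check is an added example, not part of the Tencent Cloud documentation: it flags inbound Allow rules that expose TCP:5432 to every address, that is, the `0.0.0.0/0`, `::/0` and `0::0/0` sources described above. The rule dictionaries, the port-range and comma-list notation, and the `ALL` value are assumptions made for the constructed sample data; they are not an export format defined by this page.

```python
import ipaddress

PG_PORT = 5432  # port the page says must be open for TencentDB for PostgreSQL

# Constructed sample inbound rules, using the columns of the table above
# (Source, Protocol and Port, Policy). The dict layout is an assumption.
SAMPLE_RULES = [
    {"source": "203.0.113.0/24", "proto_port": "TCP:5432", "policy": "Allow"},
    {"source": "0.0.0.0/0", "proto_port": "TCP:5000-6000", "policy": "Allow"},
    {"source": "::/0", "proto_port": "TCP:22,80,443,3389", "policy": "Allow"},
    {"source": "0::0/0", "proto_port": "ALL", "policy": "Allow"},
    {"source": "203.0.113.0", "proto_port": "UDP:5432", "policy": "Allow"},
]


def covers_pg_port(proto_port):
    """True if a 'Protocol:Port' value includes TCP 5432."""
    proto, _, ports = proto_port.upper().partition(":")
    if proto == "ALL":
        return True
    if proto != "TCP":
        return False
    if ports in ("", "ALL"):
        return True
    for part in ports.split(","):
        low, _, high = part.strip().partition("-")
        if int(low) <= PG_PORT <= int(high or low):
            return True
    return False


def is_any_source(source):
    """True for 0.0.0.0/0, ::/0 and equivalent spellings such as 0::0/0."""
    net = ipaddress.ip_network(source, strict=False)
    return net.prefixlen == 0


def world_open_pg_rules(rules):
    """Return the Allow rules that expose TCP 5432 to every address."""
    return [r for r in rules
            if r["policy"].lower() == "allow"
            and covers_pg_port(r["proto_port"])
            and is_any_source(r["source"])]


if __name__ == "__main__":
    for rule in world_open_pg_rules(SAMPLE_RULES):
        print("world-open PostgreSQL rule:", rule)
```

Rules that only cover 5432 through a port range or an all-ports entry are flagged too, which is where a plain text search for "5432" misses the exposure.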
Note: As existing rules will be overwritten after importing, we recommend that you export the existing rules before importing new ones.