Configuring Security Group

Last updated: 2023-05-23 10:26:23

    Overview

    A security group is a stateful virtual firewall that filters traffic. As an important means of network security isolation provided by Tencent Cloud, it can be used to set network access controls for one or more TencentDB instances. Instances in one region with the same network security isolation requirements can be put into the same security group, which is a logical group. TencentDB and CVM share the security group list and are matched with each other within the security group based on rules. For specific rules and limitations, see Security Groups Overview. You can bind a security group directly during instance purchase or bind one in the console after instance purchase.
    Note
    TencentDB for Redis security groups currently only support network access control for VPCs and public networks but not the classic network.
    As TencentDB doesn't have any active outbound traffic, outbound rules don't apply to it.
    TencentDB for Redis security groups support master instances, read-only instances, and disaster recovery instances.

    Configuring Security Groups for TencentDB

    Step 1. Create a security group

    1. Log in to the CVM console.
    2. Select Security Group on the left sidebar, select a region above the instance list on the right, and click Create.
    3. In the pop-up window, set the following configuration items, confirm that everything is correct, and click OK.
    Template: Select a security group template in the drop-down list.
    - Open all ports: All ports are opened to the public and private networks. This may present security issues. Security group rules are added by default. You can click a security group template below to view its Outbound Rules and Inbound Rules.
    - Open ports 22, 80, 443, and 3389 and the ICMP protocol: Ports 22, 80, 443, and 3389 and the ICMP protocol are opened to the internet. All ports are opened to the private network. Security group rules are added by default.
    - Custom: You can create a security group and then add custom rules.
    Name: Custom name of the security group.
    Project: Select a project for easier management. By default, Default Project is selected.
    Notes: A short description of the security group for easier management.
    Advanced Configuration: You can add tags for the security group.
    4. If you select Custom for Template, click Set Now in the Note window and perform the following steps.

    Step 2. Set inbound rules in the security group

    1. On the Inbound Rule tab of the Security Group Rules page, click Add Rules.
    2. In the Add Inbound Rules window, set the rules.
    Type: Select Custom as the default type.
    Source: Set the source for database access, i.e., the inbound source, in the following formats:
    - CIDR notation: A single IPv4 address or an IPv4 range is represented in CIDR notation, such as 203.0.113.0, 203.0.113.0/24, or 0.0.0.0/0, where 0.0.0.0/0 indicates all IPv4 addresses will be matched. A single IPv6 address or an IPv6 range is represented in CIDR notation, such as FF05::B5, FF05:B5::/60, ::/0, or 0::0/0, where ::/0 or 0::0/0 indicates all IPv6 addresses will be matched.
    - Security group ID: Reference a security group ID to match the IP address of the server associated with the security group.
    - Parameter template: Reference an IP address object or IP address group object in a parameter template.
    Protocol Port: Enter the protocol type and port for the client to access TencentDB for Redis. You can view the port information in the Private IPv4 Address in the Network Info section on the Instance Details page. The default port is 6379. If the access protocol is TCP, you can enter TCP:6379.
    Policy: Allow or Reject. Allow is selected by default.
    Allow: Access requests of this port are allowed.
    Reject: Data packets will be discarded without any response.
    Notes: A short description of the rule for easier management.
    3. Click Complete.
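An added example, not part of the original Tencent Cloud documentation: a Python audit of inbound rules in the Source / Protocol Port / Policy form described above, flagging Allow rules that open the Redis port to 0.0.0.0/0, ::/0, or 0::0/0. The rule dictionaries, their field names, and `sg-example01` are constructed for illustration, and any port syntax beyond `TCP:6379` is an assumption.

```python
import ipaddress

REDIS_PORT = 6379  # default TencentDB for Redis port, per the page

def parse_source(source):
    """Return an ip_network for a CIDR source, or None for a reference
    (security group ID or parameter template), which needs separate review."""
    try:
        return ipaddress.ip_network(source.strip(), strict=False)
    except ValueError:
        return None

def covers_port(protocol_port, port):
    """True if a 'TCP:6379'-style value includes `port`. 'ALL', comma lists
    and ranges are assumed syntax here; the page only shows TCP:6379."""
    proto, _, ports = protocol_port.strip().upper().partition(":")
    if proto == "ALL" or (proto == "TCP" and ports in ("", "ALL")):
        return True
    if proto != "TCP":
        return False
    for item in ports.split(","):
        low, _, high = item.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False

def audit_inbound(rules, port=REDIS_PORT):
    """Return (index, source) for Allow rules exposing `port` to all addresses."""
    findings = []
    for index, rule in enumerate(rules):
        if rule["policy"] != "Allow" or not covers_port(rule["protocol_port"], port):
            continue
        network = parse_source(rule["source"])
        if network is not None and network.prefixlen == 0:
            findings.append((index, rule["source"]))
    return findings

# Constructed sample rules; the field names are hypothetical, not an API schema.
SAMPLE_RULES = [
    {"source": "203.0.113.0/24", "protocol_port": "TCP:6379", "policy": "Allow"},
    {"source": "0.0.0.0/0", "protocol_port": "TCP:6379", "policy": "Allow"},
    {"source": "0::0/0", "protocol_port": "TCP:6379", "policy": "Allow"},
    {"source": "sg-example01", "protocol_port": "TCP:6379", "policy": "Allow"},
    {"source": "0.0.0.0/0", "protocol_port": "TCP:6379", "policy": "Reject"},
    {"source": "203.0.113.0", "protocol_port": "TCP:22", "policy": "Allow"},
]

if __name__ == "__main__":
    for index, source in audit_inbound(SAMPLE_RULES):
        print(f"rule {index}: TCP:{REDIS_PORT} is allowed from {source}")
```

Rules whose source is a security group ID or parameter template are not flagged, because their breadth depends on what the referenced object contains.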

    Step 3. Configure the security group for a database instance

    Note
    When purchasing an instance, you can directly select the security group to be associated with the instance from the Security Group drop-down list on the purchase page. For more information, see Creating TencentDB for Redis Instance.
    After purchase, you can change or add a security group for an instance based on the following steps.
    1. Log in to the TencentDB for Redis console.
    2. Above the Instance List on the right, select the region.
    3. In the instance list, find the target instance.
    4. Click the instance ID to enter the instance management page.
    5. On the Security Group tab, click Configure Security Group.
    6. In the Configure Security Group pop-up window, select a created security group. You can filter security groups by project name.
    7. Click OK.
    In the Associated Security Group section, you can view the list of security groups associated with the database instance.
    You can click a security group ID to enter the Security Group Rules page and edit the rules as instructed in Modifying a Security Group Rule. For more operations, see Viewing a Security Group Rule.
    In the Priority column, you can view the priorities of security groups. When two or more security groups are selected, click Edit above the security group list, and then click the corresponding icons to adjust the priorities of security groups.
    Configure two or more security groups and click the corresponding icon to delete the bound security groups.
    On the Preview Rules page, you can view the inbound source information of the security group on the Inbound Rules tab.
    

    More operations

    For more security group operations, see Viewing a Security Group.
    For more security group rule operations, see Viewing a Security Group Rule.
    For security group APIs, see DeleteSecurityGroup.

    Related APIs

    API Name
    Description
    Queries the security group information of a project
    Queries the security group information of an instance
    Modifies the security groups bound to an instance
    Binds a security group
    Unbinds a security group from instances in batches
    