A security group is a logical group that provides access policies for elastic cloud servers and DDS instances in the same VPC that have the same security protection requirements and trust each other.
To ensure the security and stability of the DDS, you must configure security group rules and open the IP address and port to access the database before using the DDS instance.
When connecting a DDS instance through Intranet, configure security group rules in the following two situations:
If the ECS and the DDS instance are in the same security group, the ECS communicates with the DDS instance by default. You do not need to set the security group rules. The instance is connected through Mongo Shell in the Intranet.
If the ECS is in a security group different from the DDS, you must set security group rules for the DDS and the ECS respectively.
Set security group rules for DDS: Configure inbound rules for the security group where the DDS resides.
Set security group rules for ECS: The default security group rule allows all outbound data packets. In this case, you do not need to configure security group rules for ECS. If the security group to which the ECS belongs is not the default security group and the outbound rule is not "Allow all", you must configure the outbound rule for the security group to which the ECS belongs.
Configuration Steps for Inbound Rules
Go to DDS > Management Console.
On the Instance Management page, select the specified target instance and click the instance name. The Basic Information page is displayed.
Choose Basic Information > Network > Security Group, click Edit, and select a security group.
Click the VPC name, go to the Network console, and choose Access Control > Security Group.
On the Security Group page, select the specified security group and click its name. The security group details page is displayed.
In the Inbound Rule tab, click Add Rule. The Add Inbound Rule window is displayed.
Configure the security group rules as instructed on the screen.
Click <b>OK</b>.