This topic describes how to add a security group for a tenant. After you add an OceanBase security group, you can associate it with an ECS security group. This allows all ECS instances in the associated ECS security group to access the OceanBase instance.
Background information
A security group is a logical group that provides access policies for trusted ECS instances that are in the same VPC and have the same security requirements. ApsaraDB for OceanBase supports setting security groups for tenants. When you perform this operation, the system automatically creates a service-linked role to query the list of security groups in your account. You can set a maximum of three security groups.
Procedure
Log on to the OceanBase Management Console.
In the navigation pane on the left, click Instance List.
In the instance list, click the name of the target cluster instance to open the Cluster Instance Workspace page.
In the navigation pane on the left, click Tenant Management. In the tenant list, click the target tenant to open the Tenant Workspace page.
In the navigation pane on the left, click Security Settings.
On the Security Settings page, click the Security Group tab. To add the first security group, click Set Now or Set Security Group. To add more security groups, click Set Security Group on the right side of the page.
Note: You can associate an ECS security group with an OceanBase security group. This allows all ECS instances in the associated ECS security group to access the OceanBase instance.
Changes to security groups may take some time to take effect. These changes include operations such as adding or deleting security groups and modifying the instances within a security group.
In the Create Service-Linked Role dialog box, click OK. The system automatically creates a service-linked role to query the list of security groups in your account. If the role already exists, it is not recreated. For more information, see ApsaraDB for OceanBase Service-Linked Role.
Note: If you do not have the permissions to create a service-linked role, contact your Alibaba Cloud account owner or a RAM administrator to grant the required custom policy. The information for the custom policy is as follows:
Service Name: security-group.oceanbase.aliyuncs.com
Service-linked role name: AliyunServiceRoleForOceanBaseSecurityGroup
Required permission for this operation: RAM:CreateServiceLinkedRole
On the Set Security Group page, select a security group and click OK.

After the security group is set, click the security group ID to open the ECS security group details page for more information.
Click the delete icon next to a security group to delete it.
Note: Deleting a security group may affect your services. Proceed with caution.
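The custom policy described in the note on the Create Service-Linked Role step, written out as a RAM policy document. This is an added example, not taken from the original page; it assumes the standard RAM policy syntax and the ram:ServiceName condition key, and uses the service name listed in that note.

```json
{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ram:CreateServiceLinkedRole",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "security-group.oceanbase.aliyuncs.com"
        }
      }
    }
  ]
}
```

The Condition block is what keeps this grant narrow: without it, the same statement would allow the RAM user to create service-linked roles for any Alibaba Cloud service, not only AliyunServiceRoleForOceanBaseSecurityGroup.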