Configure a security group

You can associate an ECS security group with an RDS instance. This grants all ECS instances in the security group access to the RDS instance.

Prerequisites

Your RDS for MySQL instance must run one of the following versions: MySQL 8.4, 8.0, 5.7, or 5.6.

Use cases

After you create an RDS for MySQL instance, you cannot access it immediately. You must configure an IP address whitelist or a security group for the instance.

An ECS security group controls network access for ECS instances. For more information, see Create a security group.

Note

You can configure both an IP address whitelist and a security group at the same time. IP addresses in the whitelist and ECS instances in the security group can access the RDS instance.

Limitations

  • The security group must have the same network type as the RDS instance. For example, if the instance is in a Virtual Private Cloud (VPC), you can add only a VPC-type security group.

  • If you change the instance's network type, its associated security groups no longer apply. You must then add security groups that match the new network type.

  • An RDS instance supports a maximum of 10 security groups.

  • Some regions do not support security groups. In these regions, you can use an IP address whitelist to control access.
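The limitations above can be checked before you associate groups with an instance. The following Python sketch is an added example, not Alibaba Cloud code; the `SecurityGroup` record, the `plan_association` function, the network-type labels, and the sample group IDs are assumptions constructed for illustration.

```python
from dataclasses import dataclass

MAX_GROUPS = 10  # per-instance limit stated in the limitations above


@dataclass(frozen=True)
class SecurityGroup:
    group_id: str      # constructed sample IDs, not real resources
    network_type: str  # "VPC" or "Classic" (labels assumed for this sketch)


def plan_association(instance_network_type, current, requested):
    """Check a proposed set of security groups against the page's limits.

    current   -- groups already associated with the RDS instance
    requested -- groups the operator wants to add
    Returns (usable_groups, problems); act only when problems is empty.
    """
    usable, problems, seen = [], [], set()
    current_ids = {g.group_id for g in current}
    for group in [*current, *requested]:
        if group.group_id in seen:  # ignore duplicate entries
            continue
        seen.add(group.group_id)
        if group.network_type != instance_network_type:
            origin = "associated" if group.group_id in current_ids else "requested"
            problems.append(
                f"{group.group_id} ({origin}) is {group.network_type}, "
                f"instance is {instance_network_type}"
            )
            continue
        usable.append(group)
    if len(usable) > MAX_GROUPS:
        problems.append(f"{len(usable)} groups exceed the limit of {MAX_GROUPS}")
    return usable, problems


if __name__ == "__main__":
    # Constructed scenario: the instance was switched to VPC, so the
    # previously associated classic-network group no longer applies.
    current = [SecurityGroup("sg-app", "VPC"), SecurityGroup("sg-legacy", "Classic")]
    requested = [SecurityGroup("sg-batch", "VPC"), SecurityGroup("sg-app", "VPC")]
    usable, problems = plan_association("VPC", current, requested)
    print([g.group_id for g in usable])
    for p in problems:
        print("problem:", p)
```
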

Procedure

  1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.

  2. In the left-side navigation pane, click Whitelist and SecGroup and then click the Security Group tab.

  3. Click Create Security Group.

    Note

    The VPC tag indicates a security group in a Virtual Private Cloud.

  4. Select a security group and click OK.

Next steps

Create databases and accounts

API reference

| API | Description |
| --- | --- |
| DescribeSecurityGroupConfiguration | Queries the security group configuration of a specified RDS instance. |
| ModifySecurityGroupConfiguration | Modifies the security group configuration of a specified RDS instance. |