Amazon RDS Security Groups enable you to manage network access to your Amazon RDS instances. With security groups, you specify sets of IP addresses using CIDR notation, and only network traffic originating from these addresses is recognized by your Amazon RDS instance.
Amazon RDS Security Groups are not the same as Amazon EC2 security groups, although they function similarly. You can also add an EC2 security group to your RDS security group. Any EC2 instances that are members of that EC2 security group are then able to access the RDS instances that are members of the RDS security group.
For more information about Amazon RDS security groups, go to the Amazon Relational Database Service User Guide.
For more information about Amazon EC2 security groups, go to the Amazon Elastic Compute Cloud User Guide.
You can create an RDS security group from the AWS Toolkit. If you use the AWS Toolkit to launch an RDS instance, the wizard will allow you to specify an RDS security group to use with your instance. You can create that security group before starting the wizard using the following procedure.
To create an Amazon RDS Security Group
In AWS Explorer, expand the Amazon RDS node, then right-click the DB Security Groups subnode and select Create.

Alternatively, you could select Create Security Group from the Security Groups tab. If this tab isn't visible, right-click the DB Security Groups subnode and select View.

In the Create Security Group dialog box, enter a name and description for the security group. Click OK.

By default, a new Amazon RDS Security Group provides no network access. To enable access to Amazon RDS instances that use the security group, set its access permissions using the following procedure.
To set access for an Amazon RDS Security Group
In the Security Groups tab, select the security group from the list view. If you do not see your security group listed, click Refresh. If you still do not see your security group, verify that the Security Groups tab you are viewing is for the correct AWS region; Security Groups tabs in the AWS Toolkit are region specific.
If no Security Group tabs are visible, right-click the DB Security Groups subnode in AWS Explorer and select View.
Click the Add Permission button.

In the Add Permission dialog box, you can specify which IP addresses can access your RDS instance using CIDR notation, or you can specify which EC2 security groups can access your RDS instance. When specifying access by EC2 security group, you can specify that all EC2 instances associated with a particular AWS account have access, or you can select a particular EC2 security group from the drop-down list.

The AWS Toolkit will attempt to determine your IP address and auto-populate the dialog box with the appropriate CIDR specification. However, if your computer accesses the Internet through a firewall, you should consult your systems administrator for the correct CIDR because, in this case, the CIDR determined by the Toolkit may be inaccurate.
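
A way to sanity-check a CIDR before entering it in the Add Permission dialog box, shown as an added example that is not part of the AWS Toolkit or the original page. The function name `review_cidr`, the `MAX_ADDRESSES` threshold, and the sample addresses are assumptions made for illustration; the example handles IPv4 only.

```python
import ipaddress

# Ranges that are not routed on the public Internet. A workstation behind a
# firewall or NAT often reports one of these as "its" address.
NON_ROUTABLE = [ipaddress.IPv4Network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private
    "100.64.0.0/10",                                   # carrier-grade NAT
    "127.0.0.0/8", "169.254.0.0/16",                   # loopback, link-local
)]
MAX_ADDRESSES = 256  # assumed review threshold (one /24), not an AWS limit


def review_cidr(cidr):
    """Return findings for a proposed ingress CIDR; an empty list means none."""
    try:
        iface = ipaddress.IPv4Interface(cidr.strip())
    except ValueError as exc:
        return [f"invalid: {exc}"]
    net = iface.network
    if net.prefixlen == 0:
        return ["open to every IPv4 address"]
    findings = []
    if iface.ip != net.network_address:
        findings.append(f"host bits set; rule covers {net}")
    if any(net.subnet_of(r) for r in NON_ROUTABLE):
        findings.append("non-routable range; not the address seen from the Internet")
    if net.num_addresses > MAX_ADDRESSES:
        findings.append(f"{net.num_addresses} addresses allowed; narrow the prefix")
    return findings


if __name__ == "__main__":
    # Constructed sample values (documentation and private ranges only).
    for candidate in ("203.0.113.25/32", "192.168.1.20/32", "0.0.0.0/0",
                      "203.0.113.25/24", "198.51.100.0/22"):
        print(candidate, "->", review_cidr(candidate) or "ok")
```

A non-routable finding is the firewall case described above: the locally detected address is not the one your traffic presents to the RDS instance.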