
Your first task is to set up a DB Security Group that controls which IP addresses or EC2 instances have access to your DB Instance. You will use this security group when you create a DB Instance. Once created, you can reuse this security group or create new security groups for specific DB Instances.
To create a DB Security group for this example, you enter CIDR (Classless Inter-Domain Routing) notation to specify either a single IP address or a range of IP addresses that you will allow to connect to your DB Instance. Since these IP addresses will be allowed access, it is important that you grant access to the correct IP addresses.
To create a new DB Security Group

1. In the left column of the AWS Management Console, click DB Security Groups.
2. In the My DB Security Groups page, click the Create DB Security Group button.
3. In the Create DB Security Group dialog box, type the name of the security group and a brief description. If you are using a Virtual Private Cloud (VPC), enter the ID of the VPC instance. Click Yes, Create to close the dialog box and show the My DB Security Groups page of the AWS Management Console.
4. On the My DB Security Groups page, the DB Security Group you created is selected. On the Description tab at the bottom of the window, select CIDR/IP from the Connection Type drop-down list. Type your CIDR range into the CIDR text box, and click the Add button.

Note
The IP address you enter should be the public-facing address or range of addresses of the computers that will be accessing the DB Instance. If you are behind a firewall, the IP addresses could be a limited set of addresses that the firewall exposes. To help you determine your current IP address, the CIDR range for your current IP address appears on the page just below the CIDR text box. Due to how firewalls work, this value may not be the publicly visible IP address you need to provide in the CIDR text box. For information about the IP addresses you should include in the security group, consult with your network administrator.
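
The check below is an added example, not part of the original AWS page: it reviews a CIDR value before you type it into the CIDR text box and flags the mistakes the note above warns about (a non-public address, a range wider than intended, or a range open to everyone). The function name, the finding labels and the /24 review threshold are assumptions made for this example, and the sample addresses are constructed.

```python
import ipaddress

# Address blocks that are never the public-facing source address a remote
# database endpoint sees (RFC 1918, loopback, link-local, RFC 6598 shared space).
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10")]

# Assumed review threshold, not an AWS limit: ranges wider than /24 get a finding.
WIDEST_UNREVIEWED_PREFIX = 24


def review_cidr(text):
    """Return (normalized_cidr, findings) for a CIDR proposed for a DB Security Group."""
    try:
        iface = ipaddress.ip_interface(text.strip())
    except ValueError as exc:
        return None, [f"invalid: {exc}"]
    if iface.version != 4:
        return None, ["ipv6: this example only reviews IPv4 ranges"]
    net, findings = iface.network, []
    if "/" not in text:
        findings.append("no-prefix: treated as a single address (/32)")
    if iface.ip != net.network_address:
        findings.append(f"host-bits: the range this notation denotes is {net}")
    if net.prefixlen == 0:
        findings.append("open: every IPv4 address would be allowed to connect")
    elif net.prefixlen < WIDEST_UNREVIEWED_PREFIX:
        findings.append(f"broad: {net.num_addresses} addresses, confirm you control all of them")
    if net.prefixlen > 0 and any(net.subnet_of(b) for b in NON_PUBLIC):
        findings.append("non-public: internal address, not a public-facing one")
    return str(net), findings


if __name__ == "__main__":
    # Constructed sample input (documentation and private ranges, not real hosts).
    for candidate in ("203.0.113.25/32", "203.0.113.25/24", "192.168.1.10/32",
                      "198.51.100.0/16", "0.0.0.0/0", "not-a-cidr"):
        print(candidate, "->", review_cidr(candidate))
```

An empty findings list means the value is a single, well-formed address or a narrow range; any finding is a prompt to check the value with your network administrator before clicking Add.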

You will use the name of the DB Security Group in the next step when you launch your DB Instance.
