All Products
Search
Document Center

ApsaraDB RDS:(Optional) Configure an ECS security group

Last Updated:Feb 08, 2025

The cloud migration feature of ApsaraDB RDS for PostgreSQL allows you to migrate the data of a self-managed PostgreSQL database that is deployed on an Elastic Compute Service (ECS) instance to an ApsaraDB RDS for PostgreSQL instance. This topic describes how to configure a security group for a self-managed PostgreSQL database that resides on an ECS instance before cloud migration to allow an RDS instance to access the self-managed PostgreSQL database.

Prerequisites

If you want to migrate the data of a self-managed PostgreSQL database that is deployed on an ECS instance to an RDS instance, you must perform the operations described in this topic. The ECS instance on which the self-managed PostgreSQL database is deployed must meet the following requirements:

  • The ECS instance and the RDS instance reside in the same virtual private cloud (VPC).

  • The self-managed PostgreSQL database runs as expected on the ECS instance.

Procedure

  1. Log on to the ECS console.

  2. In the left-side navigation pane, choose Instances & Images > Instances.

  3. In the top navigation bar, select a region.

  4. Find the ECS instance and click the instance ID.

  5. On the Security Groups tab of the page that appears, click the security group ID.

  6. In the Access Rule section of the Security Group Details tab, click the Inbound tab. Then, click Add Rule to create a security group rule.

    The following table describes the key parameters for you to create a rule.

    Protocol Type

    Port Range

    Authorization Object

    All ICMP (IPv4)

    Destination: -1/-1

    Source: -1/-1

    The VPC CIDR Block of the RDS instance.

    Method to obtain the VPC CIDR block

    1. Log on to the ApsaraDB RDS console and go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the instance ID.

    2. In the left-side navigation pane, click Database Connection. On the page that appears, check the Network Type parameter to obtain the VPC CIDR block. VPC网段

    Custom TCP

    The port that is used to connect to the self-managed PostgreSQL database on the ECS instance. You can run the netstat -a | grep PGSQL command to query the port.

What to do next

Configure the postgresql.conf file of a self-managed PostgreSQL instance