Skip to main content

Configure network access to an Redis cluster

Last update:

By default, for clusters with a public subnet, the connection is allowed for all IP addresses provided a login and password are used.

For a cluster in a private subnet, the connection is allowed from the cluster subnet and from subnets that are connected to the cluster subnet via a cloud router.

You can define a list of allowed IP addresses from which access to the Managed Database cluster will be allowed.

Also, you can use security groups to restrict access to the Managed Database cluster.

Any changes to network access settings are the client's responsibility.

Define a list of allowed IP addresses

When restoring a cluster from a backup, the list of allowed IP addresses will not be saved; for a new cluster, you will need to re-enter allowed IP addresses.

  1. In the Dashboard, on the top menu, click Products and select Managed Databases.
  2. Open the Active tab.
  3. Open the database cluster page → Settings tab.
  4. In the Network access management block, click the Allowed addresses and subnet CIDRs field.
  5. At the bottom of the drop-down list, enter the subnet CIDR or IP address from which access to the cluster should be allowed. Only IPv4 addressing is supported.
  6. Click .
  7. Repeat steps 5 and 6 for all allowed IP addresses.
  8. Click Save. Access will be denied for all IP addresses except those listed in the allowed list.

Security groups in a Managed Database cluster

A security group in a Managed Database cluster is a set of rules for filtering incoming and outgoing traffic for the cluster. For security groups to work, traffic filtering (port security) must be enabled on the network.

If filtering is enabled on the network, a default security group is assigned to all ports in this network, which allows all traffic through the ports. You can assign a different security group when creating a cluster or in an existing cluster.

In addition to the security groups you select when creating a cluster, a service security group is automatically assigned to the Managed Database cluster network ports. This group supports cluster operation and cannot be changed or deleted. The service group is only visible in the OpenStack CLI and Terraform.

Read more about security groups in the Security groups section.

Assign a security group in an existing cluster

warning

After assigning the group, all active sessions that do not comply with the group's rules will be terminated.

  1. Make sure that traffic filtering (port security) is enabled in the cluster network. To do this, in the control panel in the top menu, click ProductsCloud ServersNetwork → tab Private networks or Public networks. A network with filtering enabled is marked with .

    If filtering is disabled, to use security groups, create a new cluster in a new subnet or in a subnet with traffic filtering enabled and migrate the data via a dump; more details in the Migrating Redis Databases to Managed Databases instruction.

  2. In the Dashboard, on the top menu, click Products and select Managed Databases.

  3. Open the Active tab.

  4. Open the database cluster page → Settings tab.

  5. In the Security block, click Edit.

  6. Select the security group you want to assign to all ports in the cluster network.

  7. Click .