Cluster Security Groups

Galera replication uses the following ports for communication:

To create a security group that allows for Galera traffic within the VPCs, follow the steps below.

In this example, the VPC internal address space is in US-East-1. The address space in US-East-2 is 

  • Create a Security Group called "All Galera Traffic" with the following rules:

This will allow any connections outbound to any address and any inbound connection on ports 3306, 4567, 4568 and 4444 from any address on the and subnets. The same rule in the other VPC will also need the same rule configured. These rules may be tightened as required for the organization.

  • To apply these Security Groups to the EJBCA Enterprise Cloud Nodes in each of the VPCs, right-click the node, select Networking and then ChangeSecurityGroups.

  • Apply the security group to the instance so that it can communicate with the other nodes in the cluster.

  • In the node details there is a link to View Inbound Rules. The associated IPs should be something like this (modified for your IP ranges subnets).