Before you use an ApsaraDB for Redis instance, you must set one or more IP address
whitelists or specify Elastic Compute Service (ECS) security groups as whitelists.
This ensures data security and guarantees high performance of ApsaraDB for Redis. You
can add client IP addresses or Classless Inter-Domain Routing (CIDR) blocks to a whitelist.
We recommend that you update your whitelists on a regular basis to improve data security
in ApsaraDB for Redis.
Prerequisites
The ApsaraDB for Redis instance is upgraded to the latest minor version.
Note If your instance is not upgraded to the latest minor version, a message may appear
when you set a whitelist. In this case, you can upgrade the instance to the latest
minor version. For more information, see Upgrade the minor version.
To specify an ECS security group as a whitelist, the engine version of the instance
must be Redis 4.0 or later.
Notes
When you use Data Management Service (DMS) to log on to the ApsaraDB for Redis instance,
the system automatically creates a whitelist named ali_dms_group. Do not manually
add other IP addresses to this whitelist. Otherwise, the IP addresses may be lost
because of changes made by DMS.
Set one or more whitelists
Note You can set one or more IP whitelists and specify ECS security groups as whitelists
of an ApsaraDB for Redis instance. Both IP addresses in IP whitelists and ECS instances
in security groups are allowed to access the instance.
At the top of the page, select the region where the instance is deployed.
On the Instances page, click the instance ID of the target instance or choose More > Manage in the Actions column for the instance.
In the left-side navigation pane of the Instance Information page, click Whitelist Settings.
On the Whitelist Settings page, use the following methods to manage whitelists:
Danger When you use DMS to log on to the ApsaraDB for Redis instance, the system automatically
creates a whitelist named ali_dms_group. Do not manually add other IP addresses to
this whitelist. Otherwise, the IP addresses may be lost because of changes made by DMS.
Create a whitelist with a custom whitelist name:
Click Add Whitelist.
In the Add Whitelist dialog box, set Whitelist Name.
Note
The name of the whitelist must be 2 to 32 characters in length, and can contain lowercase
letters, digits, and underscores (_). It must start with a lowercase letter and end
with a letter or digit.
After you create a whitelist, you cannot change the name of the whitelist.
If you want to use an existing whitelist, click Modify on the right of the whitelist.
In the Add Whitelist or Modify Whitelist dialog box, perform one of the following steps:
Manually modify the value of Whitelist:
In the Whitelist field, enter the IP addresses or CIDR blocks that can be used to connect to the ApsaraDB
for Redis instance.
Figure 1. Manually modify the whitelist
Note
If you set the whitelist to 0.0.0.0/0, you allow connections from all IP addresses. To ensure data security, we recommend
that you do not specify this CIDR block.
If you set the whitelist to a CIDR block, such as 10.10.10.0/24, you allow connections from all the IP addresses within the CIDR block.
Separate multiple IP addresses or CIDR blocks with commas (,) and do not leave spaces
before or after each comma.
You can add up to 1,000 IP addresses or CIDR blocks to each whitelist.
Click OK.
Load internal IP addresses of ECS instances under your Alibaba Cloud account:
Click Load ECS Internal IP Addresses.
Figure 2. Load ECS internal IP addresses
Select internal IP addresses of ECS instances.
Figure 3. Select internal IP addresses of ECS instances
Note You can search ECS instances by instance name, ID, or IP address in the search bar
above the list of ECS internal IP addresses.
Click OK.
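The naming and format rules in the notes above can be checked before a whitelist is submitted in the console. The following Python sketch is an added example, not Alibaba Cloud code: the function names validate_name and validate_entries are hypothetical, and it assumes IPv4 entries only, as in the examples on this page.

```python
import ipaddress
import re

# Naming rule from the note above: 2 to 32 characters, lowercase letters,
# digits and underscores, starting with a lowercase letter and ending with a
# letter or digit.
NAME_RE = re.compile(r"[a-z][a-z0-9_]{0,30}[a-z0-9]")
MAX_ENTRIES = 1000  # per-whitelist limit stated on the page


def validate_name(name):
    """Return True if name satisfies the whitelist naming rule."""
    return NAME_RE.fullmatch(name) is not None


def validate_entries(value):
    """Check a Whitelist field value. Returns (errors, warnings)."""
    errors, warnings = [], []
    entries = value.split(",")
    if len(entries) > MAX_ENTRIES:
        errors.append(f"{len(entries)} entries exceed the limit of {MAX_ENTRIES}")
    for raw in entries:
        if not raw or raw != raw.strip():
            errors.append(f"{raw!r}: empty entry or space next to a comma")
            continue
        prefix = raw.partition("/")[2]
        if "/" in raw and not prefix.isdigit():
            errors.append(f"{raw!r}: prefix length must be a number")
            continue
        try:
            # strict=False so that host bits can be reported, not rejected
            net = ipaddress.IPv4Network(raw, strict=False)
        except ValueError as exc:
            errors.append(f"{raw!r}: {exc}")
            continue
        if net.prefixlen == 0:
            warnings.append(f"{raw!r} allows connections from all IP addresses")
        elif "/" in raw and str(net) != raw:
            warnings.append(f"{raw!r} covers the whole block {net}")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample input, not taken from a real instance
    sample = "10.10.10.0/24,192.168.1.7, 172.16.0.9,10.10.10.5/24,0.0.0.0/0"
    print(validate_name("app_servers_1"), validate_entries(sample))
```

Errors are values that break a rule stated on this page. Warnings are values that may be accepted but open access more widely than the entry suggests.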
Specify ECS security groups as whitelists
A security group serves as a virtual firewall to limit the inbound and outbound network
traffic of ECS instances that belong to the security group. After you specify a security
group as a whitelist of the ApsaraDB for Redis instance, all ECS instances in the
security group are allowed to access the instance. For more information about ECS
security groups, see Security group overview.