You can modify the whitelist to allow specified IP addresses or ports to access Message Queue for Apache Kafka instances.
You have purchased a Message Queue for Apache Kafka instance, and the instance is in the Running state.
To add IP addresses or Classless Inter-Domain Routing (CIDR) blocks to the whitelist, follow these steps:
- Log on to the Message Queue for Apache Kafka console and select the region where the instance is located in the top navigation bar.
- In the left-side navigation pane, click Instance Details.
- On the Instance Details page, click the ID of the instance to be modified and click Security Change in the Security Configuration section.
- In the Security Change dialog box, click + Add IP to Whitelist, enter the required IP addresses or CIDR blocks, and then click Add.
- The whitelist can contain a maximum of 100 IP addresses or CIDR blocks.
- You can add a maximum of 10 IP addresses or CIDR blocks separated with commas (,) at a time to the whitelist.
- You can delete or add only one IP address or CIDR block from or to the whitelist.
- You can delete the last IP address or CIDR block from the whitelist. Proceed with caution because the port range of the Message Queue for Apache Kafka instance will be inaccessible after deletion.
The operations differ slightly for instances of different network types, with differences mainly in the port ranges.
- Instances of the VPC type
- The port range is 9092/9092. The default IP address and port number in the whitelist is 0.0.0.0/0, allowing access to the Message Queue for Apache Kafka instance through VPC networks.
- The port range is 9094/9094. The default CIDR block in the whitelist is that of the
VSwitch specified during instance deployment, allowing access to the Message Queue
for Apache Kafka instance in the VSwitch of the VPC.
Note The port range 9094/9094 is displayed only after the access control list (ACL) feature is enabled. For more information about how to enable the ACL feature, see Step 1: Apply to enable the ACL feature.
- (Optional) To delete the whitelist configuration, click the Delete icon in the row where the IP address or CIDR block to be deleted is located in the Security Change dialog box.