
AnalyticDB for MySQL: Configure a whitelist

Last Updated: Mar 14, 2024

To ensure security and stability, AnalyticDB for MySQL denies access from all IP addresses by default. Before you use an AnalyticDB for MySQL cluster, you must configure a whitelist to allow access from external devices to the cluster.

Background information

  • The default whitelist of an AnalyticDB for MySQL cluster contains only the default IP address 127.0.0.1, which means that no device is allowed to access the cluster. You can configure a whitelist to allow other devices to access the cluster. For example, you can specify 10.10.10.0/24 to allow all IP addresses in 10.10.10.x to access the cluster. To add multiple IP addresses or CIDR blocks, separate the entries with commas (,). Do not add spaces before or after the commas. Example: 192.168.0.1,172.16.213.9.

    Warning

    The IP address 0.0.0.0 is not allowed in a whitelist.

  • If your public IP addresses change frequently and you want to allow all public IP addresses to access an AnalyticDB for MySQL cluster, contact technical support.

  • You can configure a whitelist to enable fine-grained access control for your AnalyticDB for MySQL cluster. We recommend that you update the whitelist on a regular basis.

  • Configuring a whitelist does not affect the running of your AnalyticDB for MySQL cluster. A modification to a whitelist takes effect in 1 minute.
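
The format rules above can be checked locally before a value is pasted into the console. The following Python sketch is an added example, not Alibaba Cloud code; the function name check_whitelist, the IPv4-only parsing, and the warnings for 127.0.0.1 and for CIDR entries with host bits set are assumptions of this example, not documented service behavior.

```python
import ipaddress

def check_whitelist(value):
    """Return (errors, warnings) for a comma-separated whitelist string."""
    errors, warnings = [], []
    for raw in value.split(","):
        if not raw:
            errors.append("empty entry (blank value, doubled or trailing comma)")
            continue
        if any(ch.isspace() for ch in raw):
            errors.append(f"{raw!r}: spaces are not allowed before or after commas")
            continue
        addr, _, prefix = raw.partition("/")
        try:
            if prefix and not prefix.isdigit():
                raise ValueError("prefix length must be a number")
            # strict=False lets 10.10.10.5/24 parse so the real block can be shown
            net = ipaddress.IPv4Network(raw, strict=False)
        except ValueError:
            errors.append(f"{raw!r}: not an IPv4 address or CIDR block")
            continue
        if addr == "0.0.0.0":
            errors.append(f"{raw!r}: 0.0.0.0 is not allowed in a whitelist")
        elif addr == "127.0.0.1":
            warnings.append(f"{raw!r}: default placeholder, remove it when adding entries")
        elif str(net.network_address) != addr:
            # Assumption: how the service treats host bits is not stated on this page
            warnings.append(f"{raw!r}: host bits set, the enclosing block is {net}")
    return errors, warnings

if __name__ == "__main__":
    # Constructed sample values; the first two reuse the examples given above
    samples = [
        "192.168.0.1,172.16.213.9",
        "10.10.10.0/24",
        "192.168.0.1, 172.16.213.9",
        "127.0.0.1,10.10.10.5/24",
        "0.0.0.0",
    ]
    for sample in samples:
        errs, warns = check_whitelist(sample)
        print(f"{sample!r}\n  errors:   {errs}\n  warnings: {warns}")
```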

Procedure

  1. Log on to the AnalyticDB for MySQL console.
  2. In the upper-left corner of the page, select the region where the cluster resides.
  3. In the left-side navigation pane, click Clusters.
  4. On the Data Warehouse Edition (V3.0) tab, find the cluster that you want to manage and click the Cluster ID.

  5. In the left-side navigation pane, click Data Security.

  6. On the Whitelist Settings tab, click Modify to the right of the default whitelist.

    Note

    You can also click Create Whitelist to create a whitelist.

  7. In the Edit Whitelist panel, remove the default IP address 127.0.0.1 and enter the IP addresses or CIDR blocks that you want to allow. Then, click OK.

    Note

    To add the egress IP address of the client to the whitelist, query the IP address first. For more information, see Connections.