This topic describes how to configure whitelists for DataWorks workspaces in different regions.
If you use ApsaraDB for RDS as a data store, you must configure a whitelist for the ApsaraDB for RDS instance to ensure that it is accessible.
Before you use a data store, you must add the IP addresses or Classless Inter-Domain Routing (CIDR) blocks that you use to access the data store to a whitelist of the instance where the data store resides. This improves the security and stability of the database.
Determine the IP addresses or CIDR blocks to be added to a whitelist
- Log on to the DataWorks console. In the left-side navigation pane, click Workspaces.
- Move the pointer over the region in the top navigation bar and click the target region.
Currently, DataWorks supports multiple regions. Select the region of the MaxCompute project that you have purchased.
- Determine the IP addresses or CIDR blocks to be added to a whitelist based on the region of the workspace.
Currently, access to some data stores is restricted by whitelists. You must add the IP addresses or CIDR blocks used by Data Integration to these whitelists. Otherwise, Data Integration cannot access these data stores. For example, you must add IP addresses or CIDR blocks to a whitelist of an ApsaraDB for RDS, ApsaraDB for MongoDB, or ApsaraDB for Redis instance that serves as a data store. Add IP addresses or CIDR blocks to a whitelist based on the resource group type as follows:
- If sync nodes run on a custom resource group, add internal and public IP addresses of Elastic Compute Service (ECS) instances on the custom resource group to a whitelist of the data store.
- If sync nodes run on the default resource group, add the IP addresses or CIDR blocks of the region where the workspace resides to a whitelist of the data store. The following table lists the IP addresses or CIDR blocks used by each region.
If you fail to add the preceding CIDR blocks, add the following IP addresses:
Configure a whitelist for an ApsaraDB for RDS instance
- ApsaraDB for RDS instance mode
You can add an RDS connection by specifying the corresponding ApsaraDB for RDS instance. Currently, connectivity testing is supported for RDS connections added in this mode, including RDS connections for ApsaraDB for RDS instances deployed in a VPC. If an RDS connection added in this mode fails the connectivity test, add the RDS connection in JDBC URL mode.
- JDBC URL mode
When adding an RDS connection in JDBC URL mode, specify the internal endpoint of the corresponding ApsaraDB for RDS instance as the JDBC URL. If no internal endpoint is available, enter the public endpoint as the JDBC URL. If an internal endpoint is used, data is transferred inside an IDC of Alibaba Cloud. In this case, the data synchronization is fast. If a public endpoint is used, the data synchronization speed depends on your public network bandwidth.
Configure a whitelist for an ApsaraDB for RDS instance
To allow Data Integration to synchronize data from or to an ApsaraDB for RDS instance, you must connect Data Integration to the ApsaraDB for RDS instance through a standard database protocol. An ApsaraDB for RDS instance allows connections from all IP addresses by default. However, if you have specified a whitelist for the ApsaraDB for RDS instance, you must add the IP addresses or CIDR blocks used by Data Integration to the whitelist. This operation is unnecessary if you have not specified a whitelist for the ApsaraDB for RDS instance.
If you have specified an endpoint whitelist for the ApsaraDB for RDS instance, go to the Data Security page for the instance in the ApsaraDB for RDS console, and modify the whitelist to add the corresponding IP addresses or CIDR blocks.
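Before modifying the whitelist, it helps to compare what the instance already allows with what Data Integration needs. The following Python sketch is an added example, not part of the original documentation: it parses two comma-separated whitelists, reports required entries that are not yet covered, flags entries that admit every address or are unrelated to the required set, and builds the merged list to paste into the console. The function names and every sample entry except `100.64.0.0/10` are constructed for illustration, and only IPv4 entries are assumed.

```python
import ipaddress

def parse_whitelist(text):
    """Parse a comma-separated whitelist of IPs and CIDR blocks into networks."""
    nets = []
    for item in text.split(","):
        item = item.strip()
        if item:
            # strict=False tolerates entries with host bits set (10.0.0.5/24)
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets

def audit_whitelist(current_text, required_text):
    """Compare an instance whitelist with the entries Data Integration needs."""
    current = parse_whitelist(current_text)
    required = parse_whitelist(required_text)
    # A required block is covered only if some current entry fully contains it.
    missing = [r for r in required
               if not any(r.version == c.version and r.subnet_of(c)
                          for c in current)]
    # A /0 entry admits every address and defeats the whitelist.
    open_entries = [c for c in current if c.prefixlen == 0]
    # Entries that overlap nothing required deserve a manual review.
    unrelated = [c for c in current
                 if c.prefixlen != 0 and not any(c.overlaps(r) for r in required)]
    # Merged list: existing entries plus missing ones, with redundancy removed.
    merged = ipaddress.collapse_addresses(current + missing)
    return {
        "missing": [str(n) for n in missing],
        "open_entries": [str(n) for n in open_entries],
        "unrelated": [str(n) for n in unrelated],
        "merged": ",".join(str(n) for n in merged),
    }

# Constructed sample data (documentation ranges), not real DataWorks values.
REQUIRED = "100.64.0.0/10,192.0.2.0/24,198.51.100.17"
CURRENT = "192.0.2.0/25,100.64.0.0/10,203.0.113.9"

if __name__ == "__main__":
    for key, value in audit_whitelist(CURRENT, REQUIRED).items():
        print(f"{key}: {value}")
```

In the sample, `192.0.2.0/25` only partly covers the required `/24`, so the `/24` is reported as missing and replaces the narrower entry in the merged list.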