After you create an ApsaraDB for HBase cluster, you must configure an IP address whitelist or specify Elastic Compute Service (ECS) security groups as whitelists for the cluster. This way, only the clients included in the whitelist or security groups can access the cluster.

Background information

A newly created ApsaraDB for HBase cluster is inaccessible by default. This ensures database security.

Whitelisting methods

Method Description
Method 1: Configure an IP address whitelist To allow a client to access an ApsaraDB for HBase cluster, add the IP address of the client to the IP address whitelist of the cluster.
Method 2: Specify ECS security groups as whitelists A security group is a virtual firewall that is used to control the inbound and outbound traffic of ECS instances in the security group. To allow multiple ECS instances to access an ApsaraDB for HBase cluster, you can associate the cluster with the security group to which the ECS instances belong. You do not need to manually enter the IP addresses of the ECS instances. This simplifies operations and maintenance (O&M).

Method 1: Configure an IP address whitelist

  1. Log on to the ApsaraDB for HBase console.
  2. In the top navigation bar, select the region where your cluster is deployed.
  3. On the Clusters page, find the cluster and click the cluster ID.
  4. In the left-side navigation pane, click Access Control.
  5. On the Whitelist Setting tab, click Modify Whitelist.
    Access Control
  6. In the Modify Whitelist dialog box, specify the IP addresses or CIDR blocks for which you want to enable access to the cluster, and click OK.
    Note
    • The default whitelist contains only 127.0.0.1. This indicates that no client is allowed to access the ApsaraDB for HBase cluster.
    • If you enter 0.0.0.0/0 in the Whitelist field or leave the field blank, all IP addresses are allowed to access your ApsaraDB for HBase cluster. To ensure database security, we recommend that you do not enter 0.0.0.0 or 0.0.0.0/0 in the Whitelist field.
    • If you want to use a public IP address to access open source components, enter the public IP address.

Method 2: Specify ECS security groups as whitelists

Note If this method is used, make sure that the specified security groups contain ECS instances that have the same network type as the ApsaraDB for HBase cluster. If the ApsaraDB for HBase cluster is deployed in a virtual private cloud (VPC), the ECS instances must be deployed in the same VPC.
  1. Log on to the ApsaraDB for HBase console.
  2. In the top navigation bar, select the region where your cluster is deployed.
  3. On the Clusters page, find the cluster and click the cluster ID.
  4. In the left-side navigation pane, click Access Control.
  5. On the Security Group tab, click Add Security Group.
    Security Group
  6. In the Add Security Group dialog box, select the security groups and click OK.
    Add security groups