If the RDS instance is configured to be accessible from the Internet, the instance may suffer from DDoS attacks. If a DDoS attack is detected, the RDS security system enables traffic cleaning first. If traffic cleaning fails or the attack reaches the blackhole threshold, blackhole filtering is triggered.
|We recommend that RDS instances are accessed over the intranet to avoid DDoS attacks.|
Access control policy
You can define the IP addresses that are allowed to access RDS. Other IP addresses cannot access RDS.
Each account can only view and operate its own databases.
ApsaraDB for RDS is protected by multiple firewall layers that can effectively block a variety of malicious attacks and ensure data security.
Direct logon to the ApsaraDB for RDS server is not allowed. Only the ports required by the specific database services are open.
The ApsaraDB for RDS server cannot initiate an external connection. It can only accept access requests.
For more information, see Network isolation.
Professional security team
Alibaba Cloud’s security team provide rapid security technology support for RDS.