All Products
Search

This Product

    ApsaraDB RDS:Request or release a public endpoint

    Document Center

    ApsaraDB RDS:Request or release a public endpoint

    Last Updated:Nov 28, 2025

    ApsaraDB RDS supports internal and public endpoints. An internal endpoint is provided by default for internal access to your ApsaraDB RDS instance. If you want to access the instance from the Internet, you must request a public endpoint.

    To request or release a public endpoint for other database engines, see the following topics:

    Internal and public endpoints

    Address Type

    Description

    Internal endpoint

    • An internal endpoint is provided by default. You do not need to request it, and you cannot release it. You can switch the network type.

    • If your application is deployed on an ECS instance that is in the same region and has the same network type as your ApsaraDB RDS instance, the instances can connect to each other over the internal network. You do not need to request a public endpoint.

    • Accessing your ApsaraDB RDS instance over the internal network provides high security and optimal performance.

    Public endpoint

    • You must manually request a public endpoint. You can also release it when it is no longer needed.

    • You need to request a public endpoint if you cannot access your ApsaraDB RDS instance over the internal network. Scenarios include the following:

      • An ECS instance needs to access an ApsaraDB RDS instance, but the instances are in different regions or have different network types.

      • A device outside Alibaba Cloud needs to access the ApsaraDB RDS instance.

    Important

    • A public endpoint reduces the security of your instance. Use it with caution.

    • For faster data transfer and higher security, migrate your application to an ECS instance that is in the same region and has the same network type as your ApsaraDB RDS instance. Then, use the internal endpoint.

    Billing

    Requesting a public endpoint is free. The Internet traffic, including inbound and outbound traffic, generated from using the public endpoint is also free of charge.

    Precautions

    • If you release a public endpoint and then request a new one, the new endpoint is different from the one you released. You must immediately update the endpoint in your application's configuration to ensure that your services run as expected.

    • If you previously enabled Secure Sockets Layer (SSL) encryption for the instance's public endpoint, you must first disable SSL before you release the public endpoint. Disabling SSL encryption restarts the instance. Perform this operation during off-peak hours.

    Request or release a public endpoint

    1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.

    2. In the navigation pane on the left, click Database Connection.

      Note

      For Cluster Edition instances, you can also request or release a public endpoint from the instance topology graph on the Basic Information page.

    3. Request or release the endpoint:

      • To request a public endpoint, click Apply for Public Endpoint.

      • To release a public endpoint, click Disable Public Endpoint.

    4. In the dialog box that appears, click OK.

      Warning

      Adding 0.0.0.0/0 to the whitelist poses a security risk. After you complete your tests, configure the whitelist again.

      To connect to the instance over the Internet, run the curl ipinfo.io/ip command to obtain the public IP address of your local client. Then, add the IP address to the RDS whitelist.

    FAQ

    What is the bandwidth of an ApsaraDB RDS instance? Is traffic billed?

    ApsaraDB RDS does not limit internal or Internet bandwidth. Internal and Internet traffic, including inbound and outbound traffic, are free of charge.

    Can I set a fixed IP address for an endpoint?

    No, you cannot. The IP address may change after a primary/secondary failover or a configuration change. To reduce the impact on your services, use the endpoint instead of the IP address.

    Related operations