ApsaraDB RDS:ModifySecurityIps

Last Updated: Mar 13, 2024

Modifies the IP address whitelist of an ApsaraDB RDS instance.

Operation description

Supported database engines

  • MySQL
  • PostgreSQL
  • SQL Server
  • MariaDB

References

Note: Before you call this operation, read the following documentation and make sure that you fully understand the prerequisites and impacts of this operation.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

| Operation | Access level | Resource type | Condition key | Associated operation |
| --- | --- | --- | --- | --- |
| rds:ModifySecurityIps | WRITE | DBInstance: acs:rds:{#regionId}:{#accountId}:dbinstance/{#dbinstanceId} | rds:ResourceTag | none |

Request parameters

Parameter: DBInstanceId
Type: string
Required: Yes
Description: The instance ID. You can call the DescribeDBInstances operation to query the instance ID.
Example: pgm-bp18n0c8zt45****

Parameter: SecurityIps
Type: string
Required: Yes
Description: The IP addresses in an IP address whitelist. Separate multiple IP addresses with commas (,). Each IP address in the IP address whitelist must be unique. The entries in the IP address whitelist must be in one of the following formats:

  • IP addresses, such as 10.23.XX.XX.
  • CIDR blocks, such as 10.23.XX.XX/24. In this example, 24 indicates that the prefix of each IP address in the IP address whitelist is 24 bits in length. You can replace 24 with a value within the range of 1 to 32.

Note: A maximum of 1,000 IP addresses or CIDR blocks can be added for each instance. If you want to add a large number of IP addresses, we recommend that you merge them into CIDR blocks, such as 10.23.XX.XX/24.
Example: 10.23.XX.XX

Parameter: DBInstanceIPArrayName
Type: string
Required: No
Description: The name of the IP address whitelist that you want to modify. Default value: Default.

Note: A maximum of 200 IP address whitelists can be configured for each instance.
Example: test

Parameter: DBInstanceIPArrayAttribute
Type: string
Required: No
Description: The attribute of the IP address whitelist. By default, this parameter is empty.

Note: The IP address whitelists that have the hidden attribute are not displayed in the ApsaraDB RDS console. These IP address whitelists are used to access Alibaba Cloud services, such as Data Transmission Service (DTS).
Example: hidden

Parameter: SecurityIPType
Type: string
Required: No
Description: The type of the IP addresses in the IP address whitelist. Set the value to IPv4. IPv6 is not supported.
Example: IPv4

Parameter: WhitelistNetworkType
Type: string
Required: No
Description: The network type of the IP address whitelist. Valid values:

  • Classic: classic network in enhanced whitelist mode
  • VPC: virtual private cloud (VPC) network type in enhanced whitelist mode
  • MIX: standard whitelist mode

Default value: MIX.

Note:
  • In standard whitelist mode, IP addresses and CIDR blocks are added only to the default IP address whitelist. In enhanced whitelist mode, IP addresses and CIDR blocks are added to the IP address whitelists of the classic network type and the VPC network type.
  • If your RDS instance runs PostgreSQL and uses cloud disks, set this parameter to MIX. If you set it to another value, the system automatically changes the value to MIX.
Example: Classic

Parameter: ModifyMode
Type: string
Required: No
Description: The method that is used to modify the whitelist. Valid values:

  • Cover: Use the IP addresses and CIDR blocks that are specified in the SecurityIps parameter to overwrite the existing IP addresses and CIDR blocks in the IP address whitelist.
  • Append: Add the IP addresses and CIDR blocks that are specified in the SecurityIps parameter to the IP address whitelist.
  • Delete: Delete the IP addresses and CIDR blocks that are specified in the SecurityIps parameter from the IP address whitelist. You must retain at least one IP address or CIDR block.

Default value: Cover.
Example: Cover

Parameter: FreshWhiteListReadins
Type: string
Required: No
Description: The read-only instances to which you want to synchronize the IP address whitelist.

  • This parameter applies only to ApsaraDB RDS for PostgreSQL instances.
  • If a read-only instance is attached to the instance, you can use this parameter to synchronize the IP address whitelist to the read-only instance. If multiple read-only instances are attached to the instance, separate the read-only instances with commas (,).
  • If no read-only instance is attached to the instance, leave this parameter empty.
Example: pgr-bp17yuz4dn3d****,pgr-bp1vn2ph54u1****
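
The SecurityIps format rules and the ModifyMode semantics described above can be checked locally before a call is made. The following is an added example, not code from Alibaba Cloud: the names parse_entries, fmt and plan_change are hypothetical, the Cover/Append/Delete behaviour is a local model of the descriptions on this page, and the sample addresses are constructed.

```python
import ipaddress

MAX_ENTRIES = 1000  # documented cap on IP addresses / CIDR blocks per instance


def parse_entries(security_ips):
    """Validate a SecurityIps string against the format rules on this page."""
    nets = []
    for entry in (e.strip() for e in security_ips.split(",")):
        addr, slash, prefix = entry.partition("/")
        ipaddress.IPv4Address(addr)  # IPv4 only; raises ValueError otherwise
        if slash and not (prefix.isdigit() and 1 <= int(prefix) <= 32):
            raise ValueError(f"prefix must be 1 to 32: {entry}")
        net = ipaddress.ip_network(entry, strict=False)
        if net in nets:
            raise ValueError(f"duplicate entry: {entry}")
        nets.append(net)
    return nets


def fmt(net):
    """Render /32 networks as bare addresses, everything else as CIDR."""
    return str(net.network_address) if net.prefixlen == 32 else str(net)


def plan_change(current, security_ips, mode="Cover"):
    """Model one call: return (request parameters, resulting whitelist, removed entries)."""
    existing = parse_entries(current)
    requested = parse_entries(security_ips)
    if mode == "Delete":
        result = [n for n in existing if n not in requested]
        if not result:
            raise ValueError("Delete must retain at least one entry")
    elif mode in ("Cover", "Append"):
        # Merge adjacent or contained ranges, as the page recommends for large lists.
        requested = list(ipaddress.collapse_addresses(requested))
        kept = existing if mode == "Append" else []
        result = kept + [n for n in requested if n not in kept]
    else:
        raise ValueError(f"unknown ModifyMode: {mode}")
    if len(result) > MAX_ENTRIES:
        raise ValueError("whitelist would exceed 1,000 entries")
    params = {"ModifyMode": mode, "SecurityIps": ",".join(map(fmt, requested))}
    removed = [fmt(n) for n in existing if n not in result]
    return params, [fmt(n) for n in result], removed


# Constructed sample whitelist (documentation address ranges, not real hosts).
CURRENT = "192.0.2.10,198.51.100.0/24"
```

Because ModifyMode defaults to Cover, plan_change(CURRENT, "203.0.113.5") reports both existing entries as removed; reviewing that list before submitting the request catches an unintended overwrite.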

Response parameters

Type: object
Description: The response parameters.

Parameter: TaskId
Type: string
Description: The task ID.
Example: 115855279

Parameter: RequestId
Type: string
Description: The ID of the request.
Example: 1AD222E9-E606-4A42-BF6D-8A4442913CEF

Examples

Sample success responses

JSON format

{
  "TaskId": "115855279",
  "RequestId": "1AD222E9-E606-4A42-BF6D-8A4442913CEF"
}

Error codes

| HTTP status code | Error code | Error message | Description |
| --- | --- | --- | --- |
| 400 | IncorrectMasterDBInstanceState | Master instance state does not support this operation. | - |
| 400 | InvalidWhitelistNetType.Malformed | Specified WhitelistNetType is not valid. | The specified WhitelistNetworkType is invalid. Please check again. |
| 400 | InvalidIPArrayAttribute.Format | The format of the IP attribute is invalid. | The specified DBInstanceIPArrayAttribute parameter is invalid. Specify a valid value and try again. If the value that you specify contains multiple entries, separate the entries with commas (,). Each entry must be unique. Valid entries are in one of the following formats: IP address, such as 10.23.12.24. CIDR, such as 10.23.12.0/24. In this example, 24 indicates that the prefix in each IP address is 24 bits in length. You can replace 24 with an integer within the range of 1 to 32. |
| 400 | InvalidSecurityIPList.Duplicate | Specified security IP list is not valid: Duplicate IP address in the list. | The IP address whitelist is invalid. It contains duplicate entries. |
| 400 | SecurityIPList.Format | Specified SecurityIPList is not valid. | The specified IP address whitelist is invalid. |
| 403 | IncorrectDBType | The current DB type does not support this operation. | The operation failed. The operation is not supported by the database engine of the RDS instance. Specify a different database engine. |
| 403 | IncorrectDBInstanceType | Current DB instance type does not support this operation. | The operation failed. The RDS instance is not in a ready state. |
| 403 | IncorrectDBInstanceCharacterType | Current DB Instance character_type does not support this operation. | This operation is not supported for the character type of the current instance. |
| 403 | IncorrectDBInstanceState | Current DB instance state does not support this operation. | - |
| 403 | IncorrectEngineVersion | The engine version does not support the operation. | The operation failed. The operation is not supported for the database engine version of the RDS instance. |
| 404 | Readins.NotFound | The current instance does not contain any read only instance. The operation is not supported. | The operation failed. The RDS instance is not attached with read-only RDS instances. |
| 404 | InvalidDBInstanceName.NotFound | The database instance does not exist. | The name of the RDS instance cannot be found. Check the name of the RDS instance. |
| 404 | InvalidDBInstance.NotFound | The specified instance does not exist or is not supported. | The RDS instance cannot be found. Check the ID or name of the RDS instance. |
| 404 | IncorrectDBInstanceLockMode | Current DB instance lock mode does not support this operation. | The operation failed. The RDS instance is locked. |

For a list of error codes, visit the Service error codes.

Change history

Change time: 2022-10-28
Summary of changes: The Error code has changed
Change item: Error Codes
Change content: The Error code has changed.
  • Error Codes 404 change
  • delete Error Codes: 400
  • Added Error Codes: 403

Change time: 2022-09-01
Summary of changes: The Error code has changed
Change item: Error Codes
Change content: The Error code has changed.
  • Error Codes 404 change
  • delete Error Codes: 400