To generate APIs for a data source in DataService Studio, you must configure network connectivity to ensure that the resource group used by DataService Studio can access the data source over the specified network. You must also add CIDR blocks used by the resource group to a whitelist of the data source. This topic describes how to configure network connectivity and whitelists for data sources that are deployed on different types of networks.

Configure network connectivity between the shared resource group for DataService Studio and a data source

Before you generate APIs for a data source in the DataService Studio, you must configure the data source. To ensure that the shared resource group for DataService Studio can access the data source, add the CIDR blocks used by Alibaba Cloud services in each region to a whitelist of the data source.
Region CIDR block
China (Hangzhou) 100.64.0.0/10,11.193.102.0/24,11.193.215.0/24,11.194.110.0/24,11.194.73.0/24,118.31.157.0/24,47.97.53.0/24,11.196.23.0/24,47.99.12.0/24,47.99.13.0/24,114.55.197.0/24,11.197.246.0/24,11.197.247.0/24,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26,11.193.55.0/24,101.37.74.122,114.55.197.231,114.55.198.83,101.37.74.206
China (Shanghai) 11.193.109.0/24,11.193.252.0/24,47.101.107.0/24,47.100.129.0/24,106.15.14.0/24,10.117.28.203,10.143.32.0/24,10.152.69.0/24,10.153.136.0/24,10.27.63.15,10.27.63.38,10.27.63.41,10.27.63.60,10.46.64.81,10.46.67.156,11.192.97.0/24,11.192.98.0/24,11.193.102.0/24,11.218.89.0/24,11.218.96.0/24,11.219.217.0/24,11.219.218.0/24,11.219.219.0/24,11.219.233.0/24,11.219.234.0/24,118.178.142.154,118.178.56.228,118.178.59.233,118.178.84.74,120.27.160.26,120.27.160.81,121.43.110.160,121.43.112.137,100.64.0.0/10,10.117.39.238,11.193.96.0/24,11.193.48.0/24,11.193.108.0/24,101.132.31.146,106.15.14.240,106.15.14.75,101.132.31.221
China (Shenzhen) 100.106.46.0/24,100.106.49.0/24,10.152.27.0/24,10.152.28.0/24,11.192.91.0/24,11.192.96.0/24,11.193.103.0/24,100.64.0.0/10,120.76.104.0/24,120.76.91.0/24,120.78.45.0/24,47.106.63.0/26,47.106.63.128/26,47.106.63.192/26,47.106.63.64/26,11.193.94.0/24,120.78.45.154,120.78.46.137,120.78.46.107,120.78.45.140
China (Chengdu) 11.195.52.0/24,11.195.55.0/24,47.108.22.0/24,100.64.0.0/10
China (Beijing) 100.106.48.0/24,10.152.167.0/24,10.152.168.0/24,11.193.50.0/24,11.193.75.0/24,11.193.82.0/24,11.193.99.0/24,100.64.0.0/10,47.93.110.0/24,47.94.185.0/24,47.95.63.0/24,11.197.231.0/24,11.195.172.0/24,47.94.49.0/24,182.92.144.0/24,11.193.100.0/24,11.193.199.0/24,39.106.244.50,47.95.63.101,47.95.63.93,39.106.244.48
China (Zhangjiakou) 11.193.235.0/24,47.92.22.0/24,100.64.0.0/10,11.112.227.0/24
China (Hong Kong) 10.152.162.0/24,11.192.196.0/24,11.193.11.0/24,100.64.0.0/10,47.89.61.0/24,47.91.171.0/24,11.193.118.0/24,47.75.228.0/24,47.56.45.0/25,47.244.92.128/25,47.101.109.0/24,11.193.200.0/24,11.193.12.0/24,47.90.71.152,47.90.71.141,47.91.171.178,47.91.172.3
Singapore (Singapore) 100.106.10.0/24,100.106.35.0/24,10.151.234.0/24,10.151.238.0/24,10.152.248.0/24,11.192.153.0/24,11.192.40.0/24,11.193.8.0/24,100.64.0.0/10,47.88.147.0/24,47.88.235.0/24,11.193.162.0/24,11.193.163.0/24,11.193.220.0/24,11.193.158.0/24,47.74.162.0/24,47.74.203.0/24,47.74.161.0/24,11.197.188.0/24,11.197.227.0/24,47.74.161.218,47.74.161.181,161.117.140.83,47.88.143.36
Australia (Sydney) 11.192.100.0/24,11.192.134.0/24,11.192.135.0/24,11.192.184.0/24,11.192.99.0/24,100.64.0.0/10,47.91.49.0/24,47.91.50.0/24,11.193.165.0/24,47.91.60.0/24,11.195.113.0/24,47.74.100.0/24
US (Silicon Valley) 10.152.160.0/24,100.64.0.0/10,47.89.224.0/24,11.193.216.0/24,47.88.108.0/24,47.88.99.153,47.254.58.215,47.88.108.192,47.254.58.135
US (Virginia) 11.193.203.0/24,11.194.68.0/24,11.194.69.0/24,100.64.0.0/10,47.252.55.0/24,47.252.88.0/24,11.194.69.0/24,10.128.135.0/24,47.88.98.0/24
Malaysia (Kuala Lumpur) 11.193.188.0/24,11.221.205.0/24,11.221.206.0/24,11.221.207.0/24,100.64.0.0/10,11.214.81.0/24,47.254.212.0/24,11.193.189.0/24,47.250.29.0/26,47.250.29.128/26,47.250.29.192/26,47.250.29.64/26
Germany (Frankfurt) 11.192.116.0/24,11.192.168.0/24,11.192.169.0/24,11.192.170.0/24,11.193.106.0/24,100.64.0.0/10,11.192.116.14,11.192.116.142,11.192.116.160,11.192.116.75,11.192.170.27,47.91.82.22,47.91.83.74,47.91.83.93,47.91.84.11,47.91.84.110,47.91.84.82,11.193.167.0/24,47.254.138.0/24,11.194.61.0/24,47.254.185.0/24
Japan (Tokyo) 100.105.55.0/24,11.192.147.0/24,11.192.148.0/24,11.192.149.0/24,100.64.0.0/10,47.91.12.0/24,47.91.13.0/24,47.91.9.0/24,11.199.250.0/24,47.91.27.0/24,11.59.59.0/24,47.245.51.128/26,47.245.51.192/26,47.91.0.128/26,47.91.0.192/26
India (Mumbai) 11.194.10.0/24,11.246.70.0/24,11.246.71.0/24,11.246.73.0/24,11.246.74.0/24,100.64.0.0/10,149.129.164.0/24,11.194.11.0/24,11.59.62.0/24,147.139.23.0/26,147.139.23.128/26,147.139.23.64/26,149.129.165.192/26
UK (London) 11.199.93.0/24,100.64.0.0/10,8.208.72.0/26,8.208.72.128/26,8.208.72.192/26,8.208.72.64/26
Indonesia (Jakarta) 11.194.49.0/24,11.200.93.0/24,11.200.95.0/24,11.200.97.0/24,100.64.0.0/10,149.129.228.0/24,10.143.32.0/24,11.194.50.0/24,11.59.135.0/24,147.139.156.0/26,147.139.156.128/26,147.139.156.64/26,149.129.230.192/26,149.129.229.0/26,149.129.229.64/26,149.129.229.128/26,149.129.229.192/26

Notes about whitelist configuration for data sources

To prevent that a data source is inaccessible to DataService Studio due to the whitelist configuration of the data source, you must add the IP addresses of the resource groups for DataService Studio to a whitelist of the data source. This section describes the notes about whitelist configuration for data sources.

In this example, an ApsaraDB RDS instance is used as a data source. ApsaraDB RDS supports standard IP address whitelists and enhanced IP address whitelists. The type of the whitelist that you configure may affect the network connectivity between DataService Studio and your ApsaraDB RDS instance.
  • If you configure a standard IP address whitelist, take note of the following items:
    • A standard IP address whitelist does not distinguish between the classic network and VPCs.
    • You can add the IP addresses of the shared resource group and exclusive resource groups for DataService Studio to the same standard IP address whitelist.
      Note The IP addresses in a standard IP address whitelist are granted access to your ApsaraDB RDS instance over both the classic network and VPCs.
  • If you configure an enhanced IP address whitelist, take note that of the following items:
    • An enhanced IP address whitelist distinguishes between the classic network and VPCs.
      Note You must specify the network isolation mode of each enhanced IP address whitelist. For example, if the Network Isolation Mode parameter is set to Classic Network for an IP address whitelist, the IP addresses in the IP address whitelist are granted access to your ApsaraDB RDS instance only over the classic network. In this case, you cannot connect to your ApsaraDB RDS instance over VPCs from these IP addresses.
    • To allow the shared resource group for DataService Studio to access your ApsaraDB RDS instance over a VPC, add the IP addresses of the shared resource group to an IP address whitelist for which the network isolation mode is set to VPC. For example, you can allow DataService Studio to access an ApsaraDB RDS for MySQL instance that is deployed in a VPC in this way.
    • To allow resource groups for DataService Studio to access your ApsaraDB RDS instance over the Internet or the classic network, add the IP addresses of the resource groups to an IP address whitelist for which the network isolation mode is set to Classic Network.
  • If you change a standard IP address whitelist to an enhanced IP address whitelist in your ApsaraDB RDS instance, take note of the following item:

    The standard IP address whitelist is replicated into two enhanced IP address whitelists that contain the same IP addresses. The two enhanced IP address whitelists have different network isolation modes.

Other notes about whitelist configuration:

  • When you configure IP address whitelists, the workloads on your RDS instance are not interrupted.
  • The IP address whitelist labeled default can be cleared, but cannot be deleted.
  • Do not modify or delete the IP address whitelists that are generated by other Alibaba Cloud services. If you delete these IP address whitelists, the related Alibaba Cloud services cannot connect to your ApsaraDB RDS instance. These whitelists include ali_dms_group that is created by Database Management (DMS) and hdm_security_ips that is created by Database Autonomy Service (DAS).
    Note We recommend that you create a separate IP address whitelist for DataWorks in your ApsaraDB RDS instance.
  • The IP address whitelist labeled default contains only the 127.0.0.1 IP address. This indicates that no IP addresses can access your ApsaraDB RDS instance.

For more information about how to configure a whitelist in your ApsaraDB RDS instance, see Configure an IP address whitelist for an ApsaraDB RDS for MySQL instance. You can use a similar method to configure a whitelist for another type of data source. To configure whitelists for other types of data sources, see the related instructions.