This topic describes how to configure an IP address whitelist for an AnalyticDB for PostgreSQL instance before you start the instance. To ensure a secure and stable instance, you must add IP addresses or CIDR blocks that are allowed to connect to the instance to an IP address whitelist. A properly configured IP address whitelist can make your AnalyticDB for PostgreSQL instance more secure. We recommend that you maintain IP address whitelists on a regular basis.

Background information

You can connect to an AnalyticDB for PostgreSQL instance in the following scenarios:

  • Connect to an AnalyticDB for PostgreSQL instance over the Internet.
  • Connect to an AnalyticDB for PostgreSQL instance over an internal network. In this scenario, make sure that the AnalyticDB for PostgreSQL instance and its associated Elastic Compute Service (ECS) instance are of the same network type.
  • Connect to an AnalyticDB for PostgreSQL instance over both the Internet and an internal network. In this scenario, make sure that the AnalyticDB for PostgreSQL instance and its associated ECS instance are of the same network type.
Notice: For more information about how to configure network types, see How do I switch the network type?

Procedure

  1. Log on to the AnalyticDB for PostgreSQL console.
  2. In the top navigation bar, select the region where your AnalyticDB for PostgreSQL instance resides.
  3. Find your AnalyticDB for PostgreSQL instance and click its ID.
  4. In the left-side navigation pane, click Security Controls.
  5. On the Whitelist Settings tab, click Modify corresponding to the default IP address whitelist. The Modify Whitelist panel that appears shows the following parameters:
    • Whitelist Name: The whitelist name must be 2 to 32 characters in length, and can contain lowercase letters, digits, and underscores (_). It must start with a lowercase letter and end with a lowercase letter or digit. The default IP address whitelist cannot be modified or deleted.
    • IP Addresses: Enter the IP addresses or CIDR blocks that you want to allow to connect to the instance. Separate multiple IP addresses or CIDR blocks with commas (,).
      • An IP address whitelist can contain IP addresses such as 10.10.10.1 and CIDR blocks such as 10.10.10.0/24. This CIDR block indicates that all IP addresses in the 10.10.10.X format can connect to the instance.
      • A percent sign (%) or a CIDR block 0.0.0.0/0 indicates that all IP addresses are allowed to connect to the instance.
        Notice: We recommend that you do not use this configuration because it reduces instance security.
      • The loopback IP address 127.0.0.1 is configured in the default IP address whitelist when an instance is created. This loopback IP address indicates that no external IP addresses are allowed to connect to the instance.
  6. Delete 127.0.0.1 from the default IP address whitelist and add IP addresses or CIDR blocks to that whitelist.
  7. Click OK.
    Notice:
    • You can click Create Whitelist to create an IP address whitelist.
    • You can click Clear corresponding to the default IP address whitelist to delete all of its IP addresses and CIDR blocks except for 127.0.0.1.
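
The naming and entry rules from step 5 can be checked before a whitelist is submitted in the console or through ModifySecurityIps. The following Python check is an added example, not Alibaba Cloud code; the function name lint_whitelist and the sample values are constructed, and it assumes only the IPv4 forms shown above are used.

```python
import ipaddress
import re

# Naming rule from step 5: 2-32 chars of [a-z0-9_], starts with a lowercase
# letter, ends with a lowercase letter or digit.
NAME_RE = re.compile(r"[a-z][a-z0-9_]{0,30}[a-z0-9]")
LOOPBACK = ipaddress.IPv4Network("127.0.0.1/32")


def lint_whitelist(name, ip_field):
    """Return (findings, reachable): problems found and unique IPs allowed."""
    findings, nets = [], []
    if not NAME_RE.fullmatch(name):
        findings.append(f"name {name!r} breaks the naming rule")
    entries = [e.strip() for e in ip_field.split(",") if e.strip()]
    if not entries:
        findings.append("whitelist is empty")
    for entry in entries:
        if entry == "%":
            findings.append("'%' allows all IP addresses")
            continue
        try:
            # Assumption: only the IPv4 forms shown on the page are accepted.
            # strict=False normalises 10.10.10.1/24 to 10.10.10.0/24.
            net = ipaddress.IPv4Network(entry, strict=False)
        except ValueError:
            findings.append(f"{entry!r} is not an IP address or CIDR block")
            continue
        if net.prefixlen == 0:
            findings.append(f"{entry} allows all IP addresses")
        elif net == LOOPBACK:
            findings.append("127.0.0.1 placeholder still present (see step 6)")
        else:
            nets.append(net)
    # Collapse overlaps so 10.10.10.1 inside 10.10.10.0/24 is not counted twice.
    reachable = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    return findings, reachable


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real instance.
    samples = [("office_vpn1", "10.10.10.1,10.10.10.0/24"),
               ("default", "127.0.0.1"),
               ("Bad_", "%, 0.0.0.0/0, 10.10.10.300")]
    for name, field in samples:
        print(name, lint_whitelist(name, field))
```

The reachable count makes the exposure of each CIDR block explicit: 10.10.10.0/24 admits 256 source addresses, so the same check run over every whitelist during regular maintenance shows which entries are broader than intended.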

Related operations

Operation                       Description
DescribeDBInstanceIPArrayList   Queries the IP address whitelists of an instance.
ModifySecurityIps               Modifies the IP address whitelists of an instance.