
ApsaraDB for HBase: Configure a whitelist and a security group

Last Updated: Sep 01, 2023

After you create an ApsaraDB for HBase cluster, you must configure a whitelist or associate an Elastic Compute Service (ECS) security group with the ApsaraDB for HBase cluster. This way, the clients in the whitelist or the ECS instances in the security group can access the ApsaraDB for HBase cluster.

Background information

By default, a newly created ApsaraDB for HBase cluster is inaccessible, which protects the database. Until you configure access, the following operations cannot be performed on the ApsaraDB for HBase cluster:

  • Use open source components, such as the Apache HBase, Ganglia, and Hadoop Distributed File System (HDFS) components, to perform operations on the ApsaraDB for HBase cluster.

  • Read data from or write data to the ApsaraDB for HBase cluster.

Before you use an ApsaraDB for HBase cluster, add the IP addresses of the clients to the whitelist of the ApsaraDB for HBase cluster or associate an ECS security group with the ApsaraDB for HBase cluster.

You can configure both a whitelist and an ECS security group for the ApsaraDB for HBase cluster. The clients in the whitelist and the ECS instances in the security group can access the ApsaraDB for HBase cluster.

Configure a whitelist

  1. Log on to the ApsaraDB for HBase console.

  2. In the top navigation bar, select the region where the cluster is deployed.

  3. On the Clusters page, find the cluster that you want to manage and click the ID of the cluster.

  4. In the left-side navigation pane, click Access Control.

  5. On the Whitelist Setting tab, click Modify Whitelist.

  6. In the Modify Whitelist dialog box, enter the IP addresses or CIDR blocks for which you want to enable access to the cluster and click OK.

    Note
    • The default whitelist contains only 127.0.0.1. If the default whitelist is used, no client is allowed to access the cluster.

    • If you enter 0.0.0.0 or 0.0.0.0/0 in the Whitelist field or leave the Whitelist field empty, access requests from all IP addresses are allowed. This poses high security risks to databases. To ensure database security, do not enter 0.0.0.0 or 0.0.0.0/0 in the Whitelist field.

    • If you want to use a public IP address to access the cluster, enter the public IP address in the Whitelist field. If you want to use an on-premises client to access the cluster, look up the public IP address of the on-premises client and enter that address.
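
A pre-change check for the whitelist rules in the notes above, as an added example that is not part of the original documentation or of any Alibaba Cloud tooling. It assumes entries are supplied as a comma-separated string and uses a hypothetical /16 threshold for "broad" ranges; the sample addresses are constructed.

```python
import ipaddress

# Assumption: prefixes shorter than /16 count as "broad"; set this to match your policy.
BROAD_PREFIX = 16

def review_whitelist(raw):
    """Return (severity, entry, message) findings for a proposed whitelist string.

    Assumption: entries are separated by commas.
    """
    entries = [e.strip() for e in raw.split(",") if e.strip()]
    if not entries:
        return [("CRITICAL", "", "empty whitelist allows all IP addresses")]
    findings, usable = [], 0
    for entry in entries:
        if entry == "0.0.0.0":
            # ipaddress would parse this as a /32 host; the page says it means "all".
            findings.append(("CRITICAL", entry, "allows all IP addresses"))
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(("ERROR", entry, "not an IP address or CIDR block"))
            continue
        if net.prefixlen == 0:
            findings.append(("CRITICAL", entry, "allows all IP addresses"))
        elif net.is_loopback:
            findings.append(("INFO", entry, "loopback entry admits no client"))
        else:
            usable += 1
            if net.version == 4 and net.prefixlen < BROAD_PREFIX:
                findings.append(("WARN", entry, f"broad range: {net.num_addresses} addresses"))
    if usable == 0 and not any(sev == "CRITICAL" for sev, _, _ in findings):
        findings.append(("WARN", "", "no client will be able to reach the cluster"))
    return findings

if __name__ == "__main__":
    # Constructed sample inputs (documentation address ranges, not real clients).
    for sample in ["127.0.0.1", "0.0.0.0/0, 203.0.113.10", "203.0.113.10, 10.0.0.0/8", ""]:
        print(repr(sample))
        for finding in review_whitelist(sample):
            print("   ", finding)
```

An empty result means no entry matched the risky or unusable cases listed in the notes; any CRITICAL finding should block the change.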

Associate a security group with the ApsaraDB for HBase cluster

A security group is used as a virtual firewall to control the inbound and outbound traffic of ECS instances in the security group. After a security group is associated with an ApsaraDB for HBase cluster, the ECS instances in the security group can access the ApsaraDB for HBase cluster.

Note
  • Only the ApsaraDB for HBase clusters of Standard Edition and Performance-enhanced Edition support security groups.

  • Before you associate a security group with an ApsaraDB for HBase cluster, make sure that the ECS instances in the security group and the ApsaraDB for HBase cluster are deployed in the same virtual private cloud (VPC).

  • You can associate up to three security groups with an ApsaraDB for HBase cluster.

  1. Log on to the ApsaraDB for HBase console.

  2. In the top navigation bar, select the region where the cluster is deployed.

  3. On the Clusters page, find the cluster that you want to manage and click the ID of the cluster.

  4. In the left-side navigation pane, click Access Control.

  5. Click the Security Group tab.

  6. Click Add Security Group.

  7. In the Add Security Group dialog box, select the security group that you want to associate with the cluster and click OK.