Besides the IP address whitelist, RDS also supports advanced network access control using VPC.
A VPC is a private network environment in the public cloud, which strictly isolates users’ network packets with the underlying network protocol and implements access control at Layer 2. By using the VPN or private line, you can connect your IDC server resources to Alibaba Cloud, use a custom RDS IP address segment of the VPC to resolve IP address conflicts, and access your RDS instances from both your server and your Alibaba Cloud ECS instance.
By using the VPC and the IP address whitelist, you can greatly improve the security of RDS instances.
By default, RDS instances deployed in a VPC are only accessible from the ECS instances in the same VPC. If necessary, you can also accept access requests from the public network by applying for a public IP address, but we do not recommend this access mode. These access requests include but are not limited to:
Access requests from the ECS EIP.
Access requests from the self-built IDC public network.
The IP address whitelist applies to any connection methods of RDS instances. We recommend that you set whitelist rules before applying for the public IP address.