Before you use an ApsaraDB for Redis instance, add the IP addresses or Classless Inter-Domain Routing (CIDR) blocks that are used to access the database to a whitelist of the instance. This improves database security and stability. A correctly used whitelist provides the highest level of security protection for your ApsaraDB for Redis instance. We recommend that you maintain the whitelist on a regular basis.

Prerequisites

The kernel version of the instance must support the whitelist feature. Only specific kernel versions support this feature. If the kernel version of your instance does not support it, a reminder message appears when you set a whitelist for the instance. In this case, upgrade the kernel version (the minor version) of your instance to the latest version. For more information, see Upgrade the minor version.

Procedure

  1. Log on to the ApsaraDB for Redis console.
  2. In the upper-left corner of the top navigation bar, select the region where the target instance is located.
  3. On the Instance List page, click the target instance ID or Manage in the Action column for the target instance.
  4. On the Instance Information page, click Whitelist Settings in the left-side navigation pane.
  5. On the Whitelist Settings page, proceed in either of the following ways:
    • If you need to customize a whitelist group name, create a whitelist group as follows:
      1. Click Add a Whitelist Group.
      2. Set Group Name.
        Note The group name must be 2 to 32 characters in length. It can contain lowercase letters, digits, and underscores (_). It must start with a lowercase letter and end with a lowercase letter or digit. This name cannot be modified after the whitelist group is created.
    • If you do not need a custom whitelist group, click Modify to the right of the target whitelist group.
  6. In the Add a Whitelist Group or Modify Whitelist of Group dialog box, proceed in either of the following ways:
    • Modify Whitelist of Group as follows:
      1. In the Whitelist of Group field, enter the IP addresses or CIDR blocks to be authorized to access the target instance.
        Figure 1. Modify the whitelist group
        Note
        • If you enter 0.0.0.0/0, all IP addresses can access the instance.
        • If you enter 127.0.0.1, no IP address is allowed to access the instance.
        • If you enter a CIDR block, such as 10.10.10.0/24, all IP addresses of this CIDR block can access the instance.
        • You need to separate multiple IP addresses with a comma (,), with no space before or after each comma.
        • You can add a maximum of 1,000 IP addresses to each whitelist group.
      2. Click OK.
    • Load internal IP addresses of Elastic Compute Service (ECS) instances under your Alibaba Cloud account as follows:
      1. Click Load ECS Internal IP Addresses.
        Figure 2. Load ECS internal IP addresses
      2. Select the internal IP addresses of the target ECS instance.
        Figure 3. Select the ECS internal IP addresses
        Note You can enter an ECS instance name, ECS instance ID, or IP address in the search box above the list of ECS internal IP addresses to search for IP addresses in fuzzy search mode.
      3. Click OK.
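
The rules in the Notes above (group name format, comma-separated entries with no spaces, the 1,000-entry limit, and the special meaning of 0.0.0.0/0 and 127.0.0.1) can be checked before a whitelist is saved. The following is an added example, not code from Alibaba Cloud. The function name lint_whitelist is hypothetical, and it assumes IPv4 entries only and that each listed item counts once toward the limit.

```python
import ipaddress
import re

# Naming rule from the Note in step 5: 2 to 32 characters; lowercase letters,
# digits and underscores; starts with a lowercase letter, ends with a
# lowercase letter or digit.
GROUP_NAME_RE = re.compile(r"[a-z][a-z0-9_]{0,30}[a-z0-9]")
MAX_ENTRIES = 1000  # per whitelist group; each listed item counted once (assumption)


def lint_whitelist(group_name, whitelist):
    """Return (errors, warnings) for a whitelist string before it is saved."""
    errors, warnings = [], []
    if not GROUP_NAME_RE.fullmatch(group_name):
        errors.append(f"invalid group name: {group_name!r}")
    entries = whitelist.split(",")
    if len(entries) > MAX_ENTRIES:
        errors.append(f"{len(entries)} entries, limit is {MAX_ENTRIES}")
    seen = set()
    for raw in entries:
        if not raw or raw != raw.strip():
            errors.append(f"empty entry or space next to a comma: {raw!r}")
            continue
        try:
            # IPv4 only, matching the page's examples (assumption).
            net = ipaddress.IPv4Network(raw, strict=False)
        except ValueError:
            errors.append(f"not an IP address or CIDR block: {raw!r}")
            continue
        if net in seen:
            warnings.append(f"duplicate entry: {raw}")
        seen.add(net)
        if net.prefixlen == 0:
            warnings.append(f"{raw} lets all IP addresses access the instance")
        elif "/" in raw and raw.split("/")[0] != str(net.network_address):
            warnings.append(f"{raw} has host bits set; did you mean {net}?")
    if whitelist == "127.0.0.1":
        warnings.append("127.0.0.1 alone means no IP address can access the instance")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample input, not taken from a real instance.
    for name, wl in [("app_servers", "10.10.10.0/24,192.168.1.15"),
                     ("Ops", "0.0.0.0/0, 10.10.10.5/24")]:
        print(name, lint_whitelist(name, wl))
```

Errors are inputs that break a rule stated on this page; warnings are entries that are valid but open or close access more widely than a narrowly scoped whitelist usually intends.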

Related API operations

Operation            Description
DescribeSecurityIps  Queries the IP address whitelists of an ApsaraDB for Redis instance.
ModifySecurityIps    Modifies the IP address whitelists of an ApsaraDB for Redis instance.