To make sure the security and stability of databases, you can add the IP addresses or IP segments used for accessing the database to the whitelist or security group of the target instance before using certain database instances. This article describes how to add a corresponding whitelist and security group when you are using DataWorks in different regions.
Enter the DTplus console as a developer. Click DataWorks and navigate to the Project list page.
Select a project region.
Currently, the supported regions are China East 2 (Shanghai), China South 1 (Shenzhen), Hong Kong, and Asia Pacific SOU 1 (Singapore). The default region is China East 2, and you can switch to other regions where your project is located, as shown in the following figure.
Select the whitelist for your project region.
A part of the data sources have a white list restrictions, they need to release access IPs of data integration. The common data sources, such as RDS, MongoDB, and Redis, need to release access IPs in their consoles. Adding a white list has the following two cases.
When a sync task is running on the custom resource group. You must authorize mechines for the custom resource group, and add machines intranet IPs and extranet IPs to the white list of data source.
The whitelist entries differs from region to region. Select the whitelist for the selected region from the following whitelist table.
|China East 1 (Hangzhou)||100.64.0.0/8,184.108.40.206/24,220.127.116.11/24,18.104.22.168/24,22.214.171.124/24,126.96.36.199/24,188.8.131.52/24,184.108.40.206/24,220.127.116.11/24,18.104.22.168/24,22.214.171.124/24,126.96.36.199/24,188.8.131.52/24|
|China East 2 (Shanghai)||184.108.40.206,220.127.116.11,10.152.69.0/24,10.153.136.0/24,10.143.32.0/24,18.104.22.168,10.46.67.156,22.214.171.124,10.46.64.81,126.96.36.199,10.117.39.238,188.8.131.52,10.117.28.203,184.108.40.206,10.27.63.41,220.127.116.11,10.27.63.60,18.104.22.168,10.27.63.38,22.214.171.124,10.27.63.15,100.64.0.0/8|
|China South 1 (Shenzhen)||100.106.46.0/24,100.106.49.0/24,10.152.27.0/24,10.152.28.0/24,126.96.36.199/24,188.8.131.52/24,184.108.40.206/24,100.64.0.0/8,220.127.116.11/24,18.104.22.168/24,22.214.171.124/24|
|Asia Pacific SE 1(Singapore)||100.106.10.0/24,100.106.35.0/24,10.151.234.0/24,10.151.238.0/24,10.152.248.0/24,126.96.36.199/24,188.8.131.52/24,184.108.40.206/24,100.64.0.0/8,100.106.10.0/24,100.106.35.0/24,10.151.234.0/24,10.151.238.0/24,10.152.248.0/24,220.127.116.11/24,18.104.22.168/24,22.214.171.124/24|
|Asia Pacific SE 2(Sydney)||126.96.36.199/24,188.8.131.52/24,184.108.40.206/24,220.127.116.11/24,18.104.22.168/24,100.64.0.0/8,22.214.171.124/24,126.96.36.199/24|
|China North 2||100.106.48.0/24,10.152.167.0/24,10.152.168.0/24,188.8.131.52/24,184.108.40.206/24,220.127.116.11/24,18.104.22.168/24,100.64.0.0/8,22.214.171.124/24,126.96.36.199/24,188.8.131.52/24|
|US West 1||10.152.160.0/24,100.64.0.0/8,184.108.40.206/24|
|Asia Pacific SE 2 (Malaysia)||220.127.116.11/24,18.104.22.168/24,22.214.171.124/24,126.96.36.199/24,100.64.0.0/8,188.8.131.52/24,184.108.40.206/24|
|United Arab Emirates (Dubai)||220.127.116.11/24,18.104.22.168/24,22.214.171.124/24,126.96.36.199/24,188.8.131.52/24,100.64.0.0/8|
The RDS data source can be configured in the following two ways.
In this case, a data source is created by using an RDS instance. Currently, the connectivity test (including the RDS in VPC environments) is supported. If the connectivity test fails, you can try to add the data source by using the jdbcUrl.
For the IP in jdbcUrl, enter an intranet IP address or an Internet IP address if no intranet IP address is available. The intranet IP address features faster synchronization because the address is relevant to Alibaba Cloud data centers, while the synchronization speed of the Internet IP address is subject to the available Internet bandwidth.
RDS whitelist configuration
When Data Integration is connected to RDS for data synchronization, the database standard protocol must be connected to the database. The RDS permits all IP connections by default. If you specify an IP whitelist during RDS configuration, you must add an IP whitelist of Data Integration execution nodes. If no RDS whitelist is specified, no whitelist is provided for Data Integration.
If you have set an RDS IP whitelist, enter the RDS console and navigate to Security Control to Set whitelist.
Note: If you use a custom resource group to schedule the RDS data synchronization task, you must add the IP address of the computer hosting the custom resource group to the RDS whitelist.