All Products
Search
Document Center

ApsaraDB for Redis:Enable password-free access

Last Updated:Dec 18, 2023

ApsaraDB for Redis allows you to enable password-free access for instances that are deployed in virtual private clouds (VPCs). This feature provides a secure and convenient method to connect to an instance. After password-free access is enabled for an instance deployed in a VPC, clients within the same VPC as the instance can access the instance without using passwords. Meanwhile, you can still use a username and a password to connect to the instance.

Prerequisites

The instance that you want to manage is deployed in a VPC.

Note

If the network type of the instance is classic network, you must change the network type to VPC. For more information, see Change the network type from classic network to VPC.

Usage notes

  • After you enable password-free access for your ApsaraDB for Redis instance, the default account is used to connect to the instance. The username of the default account is the same as the instance ID, such as r-bp1zxszhcgatnx****. The default account has read and write permissions on the instance.

  • For security concerns, if you use a public endpoint to connect to your ApsaraDB for Redis instance after you enable password-free access for the instance, you still need to enter a password.

  • By default, the #no_loose_check-whitelist-always parameter of your ApsaraDB for Redis instance is set to no. This way, after password-free access is enabled, clients in the same VPC can directly connect to the instance without the need to add the IP addresses of the clients to a whitelist of the instance.

    Note

    Cloud disk-based instances do not support the #no_loose_check-whitelist-always parameter. For more information, see Parameters that can be configured for ApsaraDB for Redis instances.

Procedure

  1. Log on to the ApsaraDB for Redis console and go to the Instances page. In the top navigation bar, select the region in which the instance that you want to manage resides. Then, find the instance and click the instance ID.

  2. In the upper-right corner of the Connection Information section, click Enable Password-free Access.

  3. In the panel that appears, read the prompt and click OK.

    After you refresh the page, the Enable Password-free Access button changes to Disable Password-free Access. You can click this button to disable password-free access.

    Important

    If you disable password-free access for a Tair instance, connections that are established between the instance and your client by using this method fail.

    To prevent this impact on your client, you can change the method that is used to verify the connection of your client to account and password logon in advance.

Examples

The following code provides an example on how to connect to an instance that has password-free access enabled.

Note

For information about how to obtain the endpoint of your ApsaraDB for Redis instance and the password of the instance account, see View endpoints.

redis-cli

redis-cli -h host -p port
// Example: redis -h r-bp10noxlhcoim2****.redis.rds.aliyuncs.com -p 6379 
.

Jedis

JedisPoolConfig config = new JedisPoolConfig();
// Specify the maximum number of idle connections based on your business needs. The value cannot exceed the maximum number of connections supported by the instance. 
config.setMaxIdle(100);
// Specify the maximum number of connections based on your business needs. The value cannot exceed the maximum number of connections supported by the instance. 
config.setMaxTotal(200);
config.setTestOnBorrow(false);
config.setTestOnReturn(false);
// Replace the values of the host and port parameters with the endpoint and port number of the instance. The password parameter is not required. 
String host = "r-bp10noxlhcoim2****.redis.rds.aliyuncs.com";
int port = 6379;
JedisPool pool = new JedisPool(config, host, port);
Jedis jedis = null;
try
{
    jedis = pool.getResource();
    /// ... do stuff here ... for example
    jedis.set("foo", "bar");
    System.out.println(jedis.get("foo"));
    jedis.zadd("sose", 0, "car");
    jedis.zadd("sose", 0, "bike");
    System.out.println(jedis.zrange("sose", 0, -1));
}
finally
{
    if(jedis != null)
    {
        // Close connections after each API operation is complete. To close a connection, release the connection to the connection pool instead of destroying the connection. 
        jedis.close();
    }
}
// Call this method only once when you exit. 
pool.destroy();

References

API operation

Description

ModifyInstanceVpcAuthMode

Enables or disables password-free access for an ApsaraDB for Redis instance that is deployed in a VPC.

FAQ

  • Q: Why does the WRONGPASS invalid username-password pair error message appear after I enable password-free access for an instance deployed in a VPC?

    A: If you enter an incorrect password to connect to a Community Edition instance that runs Redis 6.0 and has password-free access enabled, the preceding error message is returned. Enter the correct password or leave the password field empty.

    Note

    Enter a password based on the following rules:

    • If you use the default account whose username is the same as the instance ID, enter the password of the account.

    • If you use a custom account, enter the password in the <user>:<password> format. Example: testaccount:Rp829dlwa.