This topic describes how to switch the IP whitelist mode from standard to enhanced.
IP whitelist modes
- Standard mode
IP addresses in the whitelist apply to both classic networks and VPCs. This has security risks, so we recommend that you switch to the enhanced security mode.Note MySQL 8.0 supports only the standard mode.
- Enhanced security mode
IP addresses in the whitelist are classified into two types:
- IP addresses for classic networks and the Internet
- IP addresses for VPCs
Currently, MySQL, PostgreSQL, PPAS, and MariaDB TX support the enhanced security mode.
Changes after switching to the enchanced security mode
- If the instance network type is VPC, a new whitelist group is generated and contains all IP addresses in the original whitelist. The new IP whitelist group applies only to VPCs.
- If the instance network type is classic network, a new whitelist group is generated and contains all IP addresses in the original whitelist. The new IP whitelist group applies only to classic networks.
- If the instance is in hybrid access mode (namely, an instance uses both a classic network and a VPC), two new whitelist groups are generated and each contain all IP addresses in the original whitelist. One of the whitelist group applies to VPCs and the other applies to classic networks.
An IP whitelist can be switched from the standard mode to the enhanced security mode, and the switch is irreversible.
- Log on to the RDS console.
- In the upper-left corner, select the region where the target RDS instance is located.
- Find the target RDS instance and click the instance ID.
- In the left-side navigation pane, click Security.
- On the Whitelist Settings tab page, click Enable Enhanced Security Whitelist (Recommended).
- In the displayed dialog box, click Confirm.