This topic describes how to switch the IP whitelist mode from standard to enhanced.

IP whitelist modes

RDS instances provide two IP whitelist modes:
  • Standard mode

    IP addresses in the whitelist apply to both classic networks and VPCs. This has security risks, so we recommend that you switch to the enhanced security mode.

    Note MySQL 8.0 supports only the standard mode.
  • Enhanced security mode
    IP addresses in the whitelist are classified into two types:
    • IP addresses for classic networks and the Internet
    • IP addresses for VPCs
    In this mode, you must specify the network type when you create an IP whitelist group.

    Currently, MySQL, PostgreSQL, PPAS, and MariaDB TX support the enhanced security mode.

Changes after switching to the enchanced security mode

  • If the instance network type is VPC, a new whitelist group is generated and contains all IP addresses in the original whitelist. The new IP whitelist group applies only to VPCs.
  • If the instance network type is classic network, a new whitelist group is generated and contains all IP addresses in the original whitelist. The new IP whitelist group applies only to classic networks.
  • If the instance is in hybrid access mode (namely, an instance uses both a classic network and a VPC), two new whitelist groups are generated and each contain all IP addresses in the original whitelist. One of the whitelist group applies to VPCs and the other applies to classic networks.
Note The switch does not affect the ECS security group in the instance whitelist.

Precisions

An IP whitelist can be switched from the standard mode to the enhanced security mode, and the switch is irreversible.

Procedure

  1. Log on to the RDS console.
  2. In the upper-left corner, select the region where the target RDS instance is located.
  3. Find the target RDS instance and click the instance ID.
  4. In the left-side navigation pane, click Security.
  5. On the Whitelist Settings tab page, click Enable Enhanced Security Whitelist (Recommended).Enable Enhanced Security Whitelist
  6. In the displayed dialog box, click Confirm.