This topic describes how to switch from the standard whitelist mode to the enhanced whitelist mode for an RDS for PPAS instance.

IP whitelist modes

ApsaraDB for RDS instances provide the following two IP whitelist modes:
  • Standard whitelist mode

    In this mode, the IP addresses in the whitelist are not tied to a network type: they can access the RDS instance from both classic networks and VPCs. We recommend that you switch from the standard whitelist to the enhanced whitelist.


  • Enhanced whitelist mode
    In this mode, the whitelist is classified into two IP whitelist groups by network type: the classic-network whitelist group and the VPC whitelist group. When you create an IP whitelist, you must specify a network type.

Changes after switching to the enhanced whitelist

  • If the network type of the instance is VPC, a new whitelist group is generated that contains the same IP addresses as the original whitelist. The new IP whitelist group applies only to VPCs.
  • If the network type of the instance is classic network, a new whitelist group is generated that contains the same IP addresses as the original whitelist. The new IP whitelist group applies only to classic networks.
  • If the instance is in the hybrid access mode, two new whitelist groups are generated, each containing the same IP addresses as the original whitelist. One of the whitelist groups applies to VPCs and the other applies to classic networks.
Note: Switching to the enhanced whitelist mode does not affect the ECS instances that are in the security group.

Precautions

  • You can switch from the standard whitelist mode to the enhanced whitelist mode. However, you cannot switch from the enhanced whitelist mode to the standard whitelist mode.
  • In the enhanced whitelist mode, the classic-network whitelist group also applies to access from the public network. If you want to access the RDS instance from an instance, host, or application in the public network, you must add the public IP address to the classic-network whitelist group.
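
The following added example (not part of the original documentation and not an Alibaba Cloud API) models the switch rules and the public-network precaution above, so you can check before switching which whitelist entries will need to be added to the classic-network group. The function names, the "vpc"/"classic"/"hybrid"/"public" labels, the IPv4-only handling, and the rule that a path with no group admits nothing are assumptions of this model.

```python
import ipaddress

# Simplified model of the whitelist rules described above; not an Alibaba Cloud API.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
GROUPS_BY_INSTANCE = {"vpc": ["vpc"], "classic": ["classic"], "hybrid": ["vpc", "classic"]}
# Public-network access is checked against the classic-network group (Precautions).
GROUP_FOR_PATH = {"vpc": "vpc", "classic": "classic", "public": "classic"}


def switch_to_enhanced(instance_type, standard_whitelist):
    """Return the groups generated by the switch: one copy of the list per network type."""
    return {g: list(standard_whitelist) for g in GROUPS_BY_INSTANCE[instance_type]}


def _matches(source_ip, entries):
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(e, strict=False) for e in entries)


def allowed_standard(source_ip, whitelist):
    """Standard mode: entries are not tied to a network type."""
    return _matches(source_ip, whitelist)


def allowed_enhanced(source_ip, path, groups):
    """Enhanced mode: only the group for the arrival path is consulted.
    Assumption of this model: a path with no group admits nothing."""
    return _matches(source_ip, groups.get(GROUP_FOR_PATH[path], []))


def public_entries_missing_classic_group(groups):
    """Entries outside RFC 1918 space that are in no classic-network group,
    so public-network clients using them would need to be added there."""
    classic = set(groups.get("classic", []))
    every = {e for entries in groups.values() for e in entries}
    return sorted(
        e for e in every - classic
        if not any(ipaddress.ip_network(e, strict=False).subnet_of(r) for r in RFC1918)
    )


if __name__ == "__main__":
    # Constructed sample: a VPC instance whose standard whitelist mixes a VPC
    # range with one public address (203.0.113.7 is a documentation address).
    original = ["10.0.0.0/8", "203.0.113.7"]
    groups = switch_to_enhanced("vpc", original)
    print(groups)
    print(allowed_enhanced("203.0.113.7", "public", groups))
    print(public_entries_missing_classic_group(groups))
```

Because the switch cannot be reversed, run a check like this against the current whitelist before you click Switch to Enhanced Whitelist.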

Prerequisites

The instance edition must be ApsaraDB RDS for PostgreSQL 10 Cluster Edition (Local SSD).

Procedure

  1. Log on to the ApsaraDB for RDS console.
  2. In the upper-left corner of the page, select the region where the instance is located.
  3. Find the instance and click the instance ID.
  4. In the left-side navigation pane, click Data Security.
  5. On the Whitelist Settings tab, click Switch to Enhanced Whitelist (Recommended).
  6. In the message box that appears, click OK.