This topic describes how to switch from the standard whitelist mode the enhanced whitelist mode for an RDS PPAS instance.
IP whitelist modes
ApsaraDB for RDS instances provide the following two IP whitelist modes:
- Standard whitelist mode
In this mode, the IP addresses in the whitelist do not distinguish between classic networks and VPCs. The IP addresses in the whitelist can access the RDS instance both in classic networks and VPCs. We recommend that you switch from the standard whitelist to the enhanced whitelist.
- Enhanced whitelist mode
In this mode, the whitelist is classified into two IP whitelist groups by network type: the classic-network whitelist group and the VPC whitelist group. When you create an IP whitelist, you must specify a network type.
Changes after switching to the enhanced whitelist mode
- If the network type of the instance is VPC, a new whitelist of the VPC is generated and contains the same IP addresses in the original whitelist. The new IP whitelist group only applies to VPCs.
- If the instance network type is classic network, a new whitelist group is generated and contains the same IP addresses in the original whitelist. The new IP whitelist group only applies to classic networks.
- If the instance is in the hybrid access mode, two new whitelist groups are generated and each contains the same IP addresses in the original whitelist. One of the whitelist group applies to VPCs and the other applies to classic networks.
- You can switch from the standard whitelist mode to the enhanced whitelist mode. However, you cannot switch from the enhanced whitelist mode to the standard whitelist mode.
- In the enhanced whitelist mode, the classic-network whitelist group also applies to accesses from a public network. If you want to access the RDS instance from an instance, host, or application in the public network, you must add the public IP address to the classic-network whitelist group.
- Log on to the RDS console.
- In the upper-left corner, select the region where the target RDS instance is located.
- Find the target RDS instance and click the instance ID.
- In the left-side navigation pane, click Data Security.
- On the Whitelist Settings tab, click Switch to Enhanced Whitelist (Recommended).
- In the message box that appears, click OK.