This topic describes how to switch to the enhanced whitelist mode for an RDS MariaDB instance.
IP whitelist modes
ApsaraDB for RDS instances provide the following two IP whitelist modes:
- Standard whitelist mode
In this mode, the IP addresses in the whitelist do not distinguish between the classic network and VPCs. The IP addresses in the whitelist can access the RDS instance both in the classic network and VPCs. We recommend that you switch from the standard whitelist to the enhanced whitelist.
- Enhanced whitelist mode
In this mode, the whitelist is classified into two IP whitelist groups by network type: the classic-network whitelist group and the VPC whitelist group. When you create an IP whitelist, you must specify a network type.
Changes after switching to the enhanced whitelist mode
If your RDS instance is in a VPC, the original IP address whitelists of your RDS instance are replicated to a new IP address whitelist that is suitable to VPC.
- You can switch from the standard whitelist to the enhanced whitelist. However, you cannot switch from the enhanced whitelist to the standard whitelist.
- In the enhanced mode, the classic-network whitelist group also applies to accesses from a public network. If you want to access the RDS instance from an instance, host, or application in the public network, you must add the public IP address to the classic-network whitelist group.
- Log on to the RDS console.
- In the upper-left corner of the page, select the region where the target RDS instance is located.
- Find the target RDS instance and click the instance ID.
- In the left-side navigation pane, click Data Security.
- On the Whitelist Settings tab, click Switch to Enhanced Whitelist (Recommended).
- In the message box that appears, click OK.