
ApsaraDB RDS: Apply for or release a public endpoint

Last Updated: Feb 28, 2024

ApsaraDB RDS provides an internal endpoint that you can use to connect to your ApsaraDB RDS for PostgreSQL instance from an Alibaba Cloud instance, such as an Elastic Compute Service (ECS) instance, that resides in the same virtual private cloud (VPC) as the RDS instance. If your application is deployed on an Alibaba Cloud instance that resides in a different VPC from the RDS instance, or on an on-premises device, you must apply for a public endpoint and use it to connect the application to your RDS instance.

Internal and public endpoints

Endpoint type

Description

Internal endpoint

  • By default, an internal endpoint is provided. You do not need to apply for the internal endpoint. You cannot release the internal endpoint. However, you can change the network type.

  • If the ECS instance on which your application is deployed resides in the same VPC as your RDS instance, these instances can communicate over an internal network, and you do not need to apply for a public endpoint.

  • For security and performance purposes, we recommend that you connect to your RDS instance by using the internal endpoint.

Public endpoint

  • You must manually apply for a public endpoint for your RDS instance. You can release the public endpoint if it is no longer required.

  • If you cannot connect to your RDS instance by using the internal endpoint, you must apply for a public endpoint. You may need to apply for a public endpoint in the following scenarios:

    • Connect to your RDS instance from an ECS instance that resides in a different region or has a different network type than your RDS instance. For more information, see Network types.

    • Connect to your RDS instance from a device outside Alibaba Cloud.

Important
  • You are not charged for applying for a public endpoint. You are also not charged for the traffic that is generated after you use the public endpoint to connect to your RDS instance over the Internet.

  • If you use a public endpoint to connect to an RDS instance, data security is compromised. Proceed with caution.

  • For faster transmission and higher security, we recommend that you migrate your application to an ECS instance that resides in the same region and has the same network type as the RDS instance. This way, you can connect to the RDS instance by using the internal endpoint.

Apply for or release a public endpoint

  1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
  2. In the left-side navigation pane, click Database Connection.

  3. Apply for or release a public endpoint.

    • If you have not applied for a public endpoint, you can click Apply for Public Endpoint.

    • If you have applied for a public endpoint, click Release Internet Address.

    Warning

    When you apply for a public endpoint, Add 0.0.0.0/0 to the whitelist is selected by default. The 0.0.0.0/0 CIDR block indicates that all IP addresses are allowed to access your RDS instance. We recommend that you add this CIDR block only for a connectivity test. When you run online workloads, do not add this CIDR block to an IP address whitelist.

  4. In the message that appears, click OK.

    Important

    After the public endpoint is released, clients cannot connect to the RDS instance by using the released public endpoint.
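
The following added example (not part of the original documentation) shows one way to review a list of IP address whitelist entries for the 0.0.0.0/0 CIDR block described in the warning above, along with other broad public ranges. The function name, the /16 threshold, and the sample entries are assumptions made for illustration.

```python
import ipaddress

# Assumed policy threshold (not from the documentation): public IPv4 blocks
# with a prefix shorter than /16 are reported so a reviewer can confirm them.
BROAD_PREFIX = 16

# RFC 1918 private ranges, which are not reachable from the Internet.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_whitelist(entries):
    """Return (entry, severity, reason) tuples for risky whitelist entries."""
    findings = []
    for raw in entries:
        entry = raw.strip()
        if not entry:
            continue
        try:
            # strict=False accepts entries with host bits set, e.g. 10.0.0.5/8.
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append((entry, "error", "not a valid IP address or CIDR block"))
            continue
        if net.prefixlen == 0:
            # 0.0.0.0/0 (or ::/0) matches every address: connectivity tests only.
            findings.append((entry, "critical", "allows all IP addresses"))
        elif net.version == 4 and any(net.subnet_of(p) for p in RFC1918):
            continue  # private range, nothing to report
        elif net.version == 4 and net.prefixlen < BROAD_PREFIX:
            findings.append(
                (entry, "warning", f"public range of {net.num_addresses} addresses"))
    return findings


if __name__ == "__main__":
    # Constructed sample whitelist; addresses are documentation/test ranges.
    sample = ["0.0.0.0/0", "10.0.0.0/8", "203.0.113.10", "198.48.0.0/12", "bogus"]
    for entry, severity, reason in audit_whitelist(sample):
        print(f"{severity.upper():8} {entry:15} {reason}")
```

Run the check against the whitelist before an instance with a public endpoint serves online workloads; any `critical` finding means the 0.0.0.0/0 entry added for the connectivity test is still present.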
