
ApsaraDB RDS: Apply for a public endpoint for an ApsaraDB RDS for PostgreSQL instance

Last Updated: Jan 17, 2024

ApsaraDB RDS provides an internal endpoint that you can use to connect to your ApsaraDB RDS for PostgreSQL instance from an Alibaba Cloud instance, such as an Elastic Compute Service (ECS) instance, within the same virtual private cloud (VPC) as the RDS instance. If your application is deployed on an Alibaba Cloud instance that resides in a different VPC from the RDS instance, or on an on-premises device, you must apply for a public endpoint and use the public endpoint to connect the application to your RDS instance.

Internal and public endpoints

Endpoint type

Description

Internal endpoint

  • By default, an internal endpoint is provided. You do not need to apply for the internal endpoint. You cannot release the internal endpoint. However, you can change the network type.

  • If the ECS instance on which your application is deployed resides in the same VPC as your RDS instance, these instances can communicate over an internal network, and you do not need to apply for a public endpoint.

  • For security and performance purposes, we recommend that you connect to your RDS instance by using the internal endpoint.

Public endpoint

  • You must manually apply for a public endpoint for your RDS instance. You can release the public endpoint if it is no longer required.

  • If you cannot connect to your RDS instance by using the internal endpoint, you must apply for a public endpoint. You need to apply for a public endpoint in the following scenarios:

    • Connect to your RDS instance from an ECS instance that resides in a different VPC from your RDS instance.

    • Connect to your RDS instance from a device outside Alibaba Cloud.

Important
  • You are not charged for applying for a public endpoint. You are also not charged for the traffic that is generated after you use the public endpoint to connect to your RDS instance over the Internet.

  • If you use a public endpoint to connect to an RDS instance, the connection runs over the Internet and data security is reduced. Proceed with caution.

  • For faster transmission and higher security, we recommend that you migrate your application to an ECS instance that resides in the same region and has the same network type as the RDS instance. This way, you can connect to the RDS instance by using the internal endpoint of the RDS instance.

Apply for or release a public endpoint

  1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
  2. In the left-side navigation pane, click Database Connection.

  3. Apply for or release a public endpoint.

    • If you have not applied for a public endpoint, you can click Apply for Public Endpoint.

    • If you have applied for a public endpoint, click Release Internet Address.

    Warning

    When you apply for a public endpoint, the "Add 0.0.0.0/0 to the whitelist" option is selected by default. The 0.0.0.0/0 CIDR block allows all IP addresses to access your RDS instance. We recommend that you add this CIDR block only for a connectivity test. Do not add this CIDR block to an IP address whitelist when you run online workloads.

  4. In the message that appears, click OK.
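The warning in step 3 can be turned into a routine check. The following is an added example, not code from the original page or from Alibaba Cloud: it audits a whitelist for the 0.0.0.0/0 block and for other broad non-private blocks. It assumes the whitelist is available as a comma-separated string; the function name, the /24 threshold and the severity labels are assumptions made for illustration.

```python
import ipaddress

# Assumption (not from the page): public blocks wider than /24 count as overly broad.
MIN_PUBLIC_PREFIX = 24
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_whitelist(whitelist, has_public_endpoint):
    """Return (entry, severity, reason) findings for a comma-separated whitelist."""
    findings = []
    for entry in (e.strip() for e in whitelist.split(",")):
        if not entry:
            continue
        try:
            # strict=False accepts entries with host bits set, such as 10.0.0.5/8.
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append((entry, "error", "not a valid IP address or CIDR block"))
            continue
        internal = net.version == 4 and any(net.subnet_of(p) for p in RFC1918)
        if net.prefixlen == 0:
            # The 0.0.0.0/0 case from the warning: every source address is allowed.
            severity = "critical" if has_public_endpoint else "high"
            findings.append((entry, severity, "allows all IP addresses"))
        elif not internal and net.prefixlen < MIN_PUBLIC_PREFIX:
            severity = "high" if has_public_endpoint else "medium"
            reason = f"broad non-private block ({net.num_addresses} addresses)"
            findings.append((entry, severity, reason))
    return findings


# Constructed sample whitelist (documentation and benchmarking ranges, not real data).
SAMPLE = "10.0.0.0/8, 203.0.113.25, 198.18.0.0/15, 0.0.0.0/0, 203.0.113.300"

if __name__ == "__main__":
    for entry, severity, reason in audit_whitelist(SAMPLE, has_public_endpoint=True):
        print(f"{severity:8} {entry:18} {reason}")
```

Single addresses and private ranges produce no finding; an empty result for an instance that has a public endpoint means every whitelist entry is at least as narrow as the chosen threshold.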

References

  • After you apply for a public endpoint, you must add the public IP address of the device on which the client or application resides to an IP address whitelist of your RDS instance. This way, you can connect to the RDS instance over the Internet. For more information, see Configure an IP address whitelist.

  • You can connect to your RDS instance by using the pgAdmin client, the PostgreSQL CLI, or an application. For more information, see Connect to an ApsaraDB RDS for PostgreSQL instance.

  • You can call the following API operations to apply for and release a public endpoint.

    • AllocateInstancePublicConnection: Applies for a public endpoint for an instance.

    • ReleaseInstancePublicConnection: Releases the public endpoint of an instance.