All Products
Search

This Product

    AnalyticDB:Configure a whitelist

    Document Center

    AnalyticDB:Configure a whitelist

    Last Updated:Feb 28, 2026

    An IP address whitelist controls which devices can connect to your AnalyticDB for MySQL cluster. By default, all external access is denied, so you must configure a whitelist before you can use your cluster.

    Before you begin

    • Default whitelist: The whitelist contains only 127.0.0.1 by default, which blocks all external access. You must add specific IP addresses or CIDR blocks to allow connections.

    • Format requirements: Use CIDR notation for IP ranges. For example, 10.10.10.0/24 grants access to all IP addresses in the 10.10.10.0 to 10.10.10.255 range. Separate multiple entries with commas and do not add spaces before or after each comma.

    • Prohibited entries: You cannot use 0.0.0.0 or X.X.X.X/0 in the whitelist. If your public IP address changes frequently, submit a ticket to contact technical support for assistance.

      Warning

      Allowing access from all public IP addresses exposes your cluster to the entire internet. Any device can then connect to the cluster. Proceed with caution.

    • No downtime required: Configuring a whitelist does not interrupt cluster operations. Changes take effect in about one minute.

    • Regular maintenance: Review and update your whitelists regularly to maintain a high level of access security for your cluster.

    • Identify your client IP: If you need to add client outbound IP addresses to the whitelist, first identify your IP address. For more information, see Connection.

    Procedure (Enterprise, Basic, and Lakehouse Edition)

    1. Log on to the AnalyticDB for MySQL console. In the upper-left corner of the console, select a region. In the left-side navigation pane, click Clusters. Find the cluster that you want to manage and click the cluster ID.

    2. In the left-side navigation pane, choose Cluster Management > Cluster Information.

    3. On the Cluster Information page, find the Data Security - Whitelist Settings section. Locate the default whitelist group and click Modify.

      Note

      You can also click Create Whitelist to create a custom whitelist group.

    4. In the Edit Whitelist dialog box, replace 127.0.0.1 with the IP addresses or CIDR blocks that you want to allow, and then click OK.

      Note

      If you need to add client outbound IP addresses to the whitelist, please identify your IP first. For more information, see Connection.

    Procedure (Data Warehouse Edition)

    1. Log on to the AnalyticDB for MySQL console. In the upper-left corner of the console, select a region. In the left-side navigation pane, click Clusters. Find the cluster that you want to manage and click the cluster ID.

    2. In the left-side navigation pane, click Data Security.

    3. On the Whitelist Settings page, find the default whitelist group and click Modify.

      Note

      You can also click Create Whitelist to create a custom whitelist group.

    4. In the Edit Whitelist dialog box, replace 127.0.0.1 with the IP addresses or CIDR blocks that you want to allow, and then click OK.

      Note

      If you need to add client outbound IP addresses to the whitelist, please identify your IP first. For more information, see Connection.