To ensure the security and stability of AnalyticDB for PostgreSQL databases, AnalyticDB for PostgreSQL instances block access from all IP addresses by default. Before you use an AnalyticDB for PostgreSQL instance, you must add IP addresses or CIDR blocks that are used to access the AnalyticDB for PostgreSQL instance to the whitelists of the instance. A properly configured IP address whitelist can make your AnalyticDB for PostgreSQL instance more secure. We recommend that you maintain IP address whitelists on a regular basis.

Prerequisites

Before you configure a whitelist for an AnalyticDB for PostgreSQL instance, you must obtain the IP address of the client. Use one of the following methods, depending on where the client is installed.

  • ECS instances:
    • Linux instance

      Run the ifconfig command to view NIC information. You can view the IP addresses, subnet masks, gateways, DNS servers, and MAC addresses in the command output.

    • Windows instance

      In Command Prompt, run the ipconfig /all command to view NIC information. You can view the IP addresses, subnet masks, gateways, DNS servers, and MAC addresses in the command output.

  • On-premises devices or third-party clouds:
    • Linux operating system: Run the curl ipinfo.io |grep ip command on the on-premises device to obtain its public IP address.
    • Windows operating system: Visit ipinfo on the on-premises device to obtain its public IP address.

Procedure

  1. Log on to the AnalyticDB for PostgreSQL console.
  2. In the upper-left corner of the console, select the region where the instance resides.
  3. Find the instance that you want to manage and click its ID.
  4. In the left-side navigation pane, click Security Controls.
  5. On the Security Controls page, perform the following operations:
    • Create a whitelist.
      1. Click Create Whitelist.
      2. In the Create Whitelist dialog box, specify the following parameters.
        • Whitelist Name: The name of the new whitelist.
          • The name can contain lowercase letters, digits, and underscores (_).
          • The name must start with a lowercase letter and end with a lowercase letter or a digit.
          • The name must be 2 to 32 characters in length.
        • IP Addresses: The IP addresses or CIDR blocks that are allowed to access the instance.
          • Separate multiple IP addresses with commas (,). A maximum of 999 unique IP addresses can be specified.
          • Supported formats are specific IP addresses such as 10.23.12.24 and CIDR blocks such as 10.23.12.24/24. /24 indicates the length of the IP address prefix. An IP address prefix can be 1 to 32 bits in length.
          • If you set the prefix length to 0, for example, 0.0.0.0/0 or 127.0.0.1/0, all IP addresses are allowed to access the instance. This poses a high security risk. Proceed with caution.
          • The IP address 127.0.0.1 indicates that no external IP addresses are allowed to access the instance.
      3. Click OK.
    • Modify a whitelist.
      1. Click Modify to the right of the whitelist name.
      2. Add or remove IP addresses or CIDR blocks in the IP Addresses section.
        Note: The Whitelist Name of the default whitelist cannot be modified.
      3. Click OK.
    • Delete a whitelist.
      Note: The default whitelist cannot be deleted.
      1. Click Delete to the right of the whitelist name.
      2. In the Delete Whitelist message, click OK.
    • Clear the default whitelist.
      1. Click Clear to the right of the default whitelist.
      2. In the Clear Whitelist message, click OK.

        The default whitelist contains only 127.0.0.1 after it is cleared.
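
The naming and format rules listed under Create a whitelist can be checked before a value is entered in the Create Whitelist dialog box. The following Python code is an added example, not part of the AnalyticDB for PostgreSQL documentation or SDK; the function name check_whitelist is hypothetical, and IPv4-only input is assumed because the page limits prefixes to 32 bits.

```python
import ipaddress
import re

# Name rule from the parameter description: lowercase letters, digits and
# underscores; starts with a lowercase letter; ends with a lowercase letter
# or a digit; 2 to 32 characters in length.
NAME_RE = re.compile(r"[a-z][a-z0-9_]{0,30}[a-z0-9]")
MAX_ENTRIES = 999  # maximum number of unique IP addresses per the page


def check_whitelist(name, ip_field):
    """Return (errors, warnings) for a whitelist name and IP Addresses value.

    Hypothetical helper: it only inspects the strings and calls no API.
    """
    errors, warnings = [], []
    if not NAME_RE.fullmatch(name):
        errors.append(f"invalid whitelist name: {name!r}")

    # Entries are comma-separated; duplicates collapse because the limit
    # applies to unique addresses.
    entries = {e.strip() for e in ip_field.split(",") if e.strip()}
    if len(entries) > MAX_ENTRIES:
        errors.append(f"{len(entries)} unique entries exceeds {MAX_ENTRIES}")
    if entries == {"127.0.0.1"}:
        warnings.append("only 127.0.0.1: no external IP address can connect")

    for entry in sorted(entries):
        addr, slash, prefix = entry.partition("/")
        try:
            ipaddress.IPv4Address(addr)
        except ValueError:
            errors.append(f"not an IPv4 address or CIDR block: {entry}")
            continue
        if not slash:
            continue  # single IP address, nothing more to check
        if not re.fullmatch(r"[0-9]{1,2}", prefix) or int(prefix) > 32:
            errors.append(f"bad prefix length: {entry}")
        elif int(prefix) == 0:
            # Prefix length 0 (0.0.0.0/0, 127.0.0.1/0) allows all addresses.
            warnings.append(f"{entry} allows all IP addresses")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample input, not taken from a real instance.
    print(check_whitelist("app_servers", "10.23.12.24,10.23.12.24/24,0.0.0.0/0"))
```

Treat any warning about a prefix length of 0 as a blocker for production instances and review it before the whitelist is saved.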

Related operations

  • DescribeDBInstanceIPArrayList: Queries the IP addresses that are allowed to access an instance.
  • ModifySecurityIps: Modifies an IP address whitelist of an instance.