
AnalyticDB: Configure a whitelist

Last Updated: Mar 30, 2026

AnalyticDB for PostgreSQL instances block all incoming connections by default. To connect to an instance, add the IP addresses or CIDR blocks of your client to a whitelist. Keep whitelists up to date as your network environment changes.

Prerequisites

Before you begin, ensure that you have:

  • An AnalyticDB for PostgreSQL instance

  • The permissions required to modify security settings on the instance

Find your client IP address

The method for obtaining your client IP address depends on where your client is installed.

| Client location | Network type | How to get the IP address |
| --- | --- | --- |
| ECS instance (recommended) | VPC | Check the IP address of the ECS instance. For details, see the "How do I query the IP addresses of ECS instances?" section of the Network FAQ. The ECS and AnalyticDB for PostgreSQL instances must be in the same virtual private cloud (VPC). If they are in different VPCs, change the VPC of the ECS instance first. |
| On-premises device or third-party cloud | Internet | Use one of the following methods based on your operating system. Linux/macOS: Run curl ifconfig.me in the terminal. Windows: Visit ip138.com in a browser. |

Manage whitelists

  1. Log on to the AnalyticDB for PostgreSQL console.

  2. In the upper-left corner, select a region.

  3. Find the instance and click the instance ID.

  4. In the left-side navigation pane, click Security Controls.

On the Security Controls page, you can create, modify, delete, or clear whitelists.

Create a whitelist

  1. Click Create Whitelist.

  2. In the Create Whitelist panel, configure the following parameters.

    Important

    Setting the prefix length to 0 (for example, 0.0.0.0/0 or 127.0.0.1/0) allows all IP addresses to access the instance. This poses a high security risk. Proceed with caution.

    Note

    The IP address 127.0.0.1 means no external IP addresses are allowed to access the instance.

    | Parameter | Description |
    | --- | --- |
    | Whitelist Name | The name of the whitelist. The name must be 2–32 characters long, contain only lowercase letters, digits, and underscores (_), start with a lowercase letter, and end with a lowercase letter or digit. |
    | IP Addresses | The IP addresses or CIDR blocks allowed to access the instance. Separate multiple entries with commas (,). You can specify up to 999 unique IP addresses. Accepted formats include specific IP addresses (for example, 10.23.12.24) and CIDR blocks (for example, 10.23.12.24/24, where /24 is the prefix length). The prefix length must be between 1 and 32 bits. |

  3. Click OK.
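
Before submitting the panel, the name and IP Addresses values can be checked against the rules above. The following pre-flight check is an added example, not Alibaba Cloud code: `check_whitelist` is a hypothetical helper, and it assumes IPv4-only entries. It rejects prefix length 0 and reports the network each entry actually covers.

```python
import ipaddress
import re

# Rules taken from the parameter table: name is 2-32 characters, lowercase
# letters, digits and underscores, starts with a letter, ends with a letter or digit.
NAME_RE = re.compile(r"[a-z][a-z0-9_]{0,30}[a-z0-9]")
ENTRY_RE = re.compile(r"([0-9.]+)(?:/([0-9]{1,2}))?")
MAX_UNIQUE = 999  # "up to 999 unique IP addresses"


def check_whitelist(name, ip_field):
    """Return (errors, coverage); coverage maps entry -> (network, address count)."""
    errors, coverage = [], {}
    if not NAME_RE.fullmatch(name):
        errors.append(f"name {name!r} breaks the naming rules")
    # Split on commas and drop duplicates while keeping the original order.
    entries = list(dict.fromkeys(e.strip() for e in ip_field.split(",") if e.strip()))
    if len(entries) > MAX_UNIQUE:
        errors.append(f"{len(entries)} unique entries, limit is {MAX_UNIQUE}")
    for entry in entries:
        m = ENTRY_RE.fullmatch(entry)
        try:
            addr = ipaddress.IPv4Address(m.group(1)) if m else None
        except ValueError:
            addr = None
        if addr is None:
            errors.append(f"{entry}: not an IPv4 address or CIDR block")
            continue
        prefix = int(m.group(2)) if m.group(2) is not None else 32
        if prefix == 0:
            # Any address with /0 (0.0.0.0/0, 127.0.0.1/0) matches every client.
            errors.append(f"{entry}: prefix length 0 allows all IP addresses")
        elif prefix > 32:
            errors.append(f"{entry}: prefix length must be 1-32")
        else:
            # strict=False: host bits may be set, as in the page's 10.23.12.24/24.
            net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
            coverage[entry] = (str(net), net.num_addresses)
    return errors, coverage


if __name__ == "__main__":
    # Constructed input: the page's example values plus invalid entries.
    sample = "10.23.12.24, 10.23.12.24/24, 0.0.0.0/0, 127.0.0.1/0, 10.1.1.300"
    errs, cov = check_whitelist("office_vpn", sample)
    for entry, (net, count) in cov.items():
        print(f"{entry} -> {net} ({count} addresses)")
    for err in errs:
        print("ERROR", err)
```

The coverage output shows that an entry such as 10.23.12.24/24 admits the whole 10.23.12.0/24 range (256 addresses), not only the single host.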

Modify a whitelist

  1. Find the whitelist and click Modify.

  2. In the Modify Whitelist panel, add or remove IP addresses or CIDR blocks in the IP Addresses section.

    Note

    The Whitelist Name cannot be modified.

  3. Click OK.

Delete a whitelist

Note

The default whitelist cannot be deleted.

  1. Find the whitelist and click Delete.

  2. In the Delete Whitelist message, click OK.

Clear the default whitelist

  1. Click Clear to the right of the default whitelist.

  2. In the Clear Whitelist message, click OK.

After clearing, the default whitelist contains only 127.0.0.1, which means no external IP addresses can access the instance.

API reference

| Operation | Description |
| --- | --- |
| DescribeDBInstanceIPArrayList | Queries the IP addresses allowed to access an instance. |
| ModifySecurityIps | Modifies the IP addresses allowed to access an instance. |