All Products
Search
Document Center

AnalyticDB:Configure an IP address whitelist

Last Updated:Jul 29, 2024

To ensure security and stability, AnalyticDB for MySQL denies access from all IP addresses by default. Before you use an AnalyticDB for MySQL cluster, you must configure an IP address whitelist to allow access from external devices to the cluster.

Background information

  • The default IP address whitelist of an AnalyticDB for MySQL cluster contains only the IP address 127.0.0.1, which indicates that no devices are allowed to access the cluster. You can configure an IP address whitelist to allow other devices to access the cluster. For example, you can specify 10.10.10.0/24 to allow all IP addresses in 10.10.10.x to access the cluster. If you want to add multiple IP addresses or CIDR blocks, separate multiple entries with commas (,). Do not add spaces before or after the commas. Example: 192.168.0.1,172.16.213.9.

    Warning

    The IP address 0.0.0.0 is not allowed in a whitelist.

  • If your public IP addresses change frequently and you want to allow all public IP addresses to access an AnalyticDB for MySQL cluster, contact technical support.

  • You can configure an IP address whitelist to enable fine-grained access control for your AnalyticDB for MySQL cluster. We recommend that you update the whitelist on a regular basis.

  • The whitelist configuration does not affect the running of your AnalyticDB for MySQL cluster. The modification to an IP address whitelist takes effect in 1 minute.

Procedure

  1. Log on to the AnalyticDB for MySQL console.
  2. In the upper-left corner of the page, select the region where clusters reside.
  3. In the left-side navigation pane, click Clusters.
  4. On the Data Warehouse Edition tab, find the cluster that you want to manage and click the Cluster ID.

  5. In the left-side navigation pane, click Data Security.

  6. On the Whitelist Settings tab, click Modify to the right of the default whitelist.

    Note

    You can also click Create Whitelist to create an IP address whitelist.

  7. In the Edit Whitelist panel, remove the default IP address 127.0.0.1 and enter the IP addresses or CIDR blocks that you want to allow. Then, click OK.

    Note

    To add the egress IP address of the client to the IP address whitelist, query the IP address first. For more information, see Connections.