After you create an ApsaraDB for HBase instance, you must configure an IP address
whitelist or security groups for the instance. When you configure security groups
for the ApsaraDB for HBase instance, select the security groups to which the Elastic
Compute Service (ECS) instances that you allow to access the ApsaraDB for HBase instance
belong. This way, only the clients allowed by the whitelist or security groups can
access the ApsaraDB for HBase instance.
Background information
By default, a newly created ApsaraDB for HBase instance is inaccessible. This ensures
database security.
Whitelisting methods
Method |
Description |
Method 1: Configure an IP address whitelist |
To allow a client to access an ApsaraDB for HBase instance, add the IP address of
the client to the IP address whitelist of the instance.
|
Method 2: Configure ECS security groups as whitelists |
A security group is a virtual firewall that is used to control the inbound and outbound traffic of
ECS instances in the security group. To allow multiple ECS instances to access an
ApsaraDB for HBase instance, you can associate the ApsaraDB for HBase instance with
the security groups to which the ECS instances belong. This way, you do not need to
manually specify the IP addresses of the ECS instances. This simplifies O&M.
|
Method 1: Configure an IP address whitelist
- Log on to the ApsaraDB for HBase console.
- In the top navigation bar, select the region where your ApsaraDB for HBase instance
is deployed.
- On the Clusters page, find the instance and click the instance ID.
- In the left-side navigation pane, click Access Control.
- On the Whitelist Setting tab, click Modify Whitelist.
- In the Modify Whitelist dialog box, specify the IP addresses or CIDR blocks for which you want to enable
access to the instance, and then click OK.
Note
- The default whitelist contains only 127.0.0.1. If the default whitelist is used, no
client is allowed to access the instance.
- If you enter 0.0.0.0/0 in the Whitelist field or leave the field empty, access requests
from all IP addresses are allowed. To ensure database security, we recommend that
you do not enter 0.0.0.0 or 0.0.0.0/0 in the Whitelist field.
- If you want to use a public IP address to access open source components, enter the
public IP address in the Whitelist field.
Method 2: Configure ECS security groups as whitelists
Note If this method is used, make sure that the ECS instances in the specified security
groups have the same network type as the ApsaraDB for HBase instance. If the ApsaraDB
for HBase instance is deployed in a virtual private cloud (VPC), the ECS instances
must be deployed in the same VPC.
- Log on to the ApsaraDB for HBase console.
- In the top navigation bar, select the region where your ApsaraDB for HBase instance
is deployed.
- On the Clusters page, find the instance and click the instance ID.
- In the left-side navigation pane, click Access Control.
- On the Security Group tab, click Add Security Group.
- In the Add Security Group dialog box, select the security groups and click OK.