After you create an ApsaraDB for HBase instance, you must configure an IP address whitelist or security groups for the instance. When you configure security groups for the ApsaraDB for HBase instance, select the security groups to which the Elastic Compute Service (ECS) instances that you allow to access the ApsaraDB for HBase instance belong. This way, only the clients allowed by the whitelist or security groups can access the ApsaraDB for HBase instance.

Background information

By default, a newly created ApsaraDB for HBase instance is inaccessible. This ensures database security.

Whitelisting methods

Method Description
Method 1: Configure an IP address whitelist To allow a client to access an ApsaraDB for HBase instance, add the IP address of the client to the IP address whitelist of the instance.
Method 2: Configure ECS security groups as whitelists A security group is a virtual firewall that is used to control the inbound and outbound traffic of ECS instances in the security group. To allow multiple ECS instances to access an ApsaraDB for HBase instance, you can associate the ApsaraDB for HBase instance with the security groups to which the ECS instances belong. This way, you do not need to manually specify the IP addresses of the ECS instances. This simplifies O&M.

Method 1: Configure an IP address whitelist

  1. Log on to the ApsaraDB for HBase console.
  2. In the top navigation bar, select the region where your ApsaraDB for HBase instance is deployed.
  3. On the Clusters page, find the instance and click the instance ID.
  4. In the left-side navigation pane, click Access Control.
  5. On the Whitelist Setting tab, click Modify Whitelist.
    Access control
  6. In the Modify Whitelist dialog box, specify the IP addresses or CIDR blocks for which you want to enable access to the instance, and then click OK.
    Note
    • The default whitelist contains only 127.0.0.1. If the default whitelist is used, no client is allowed to access the instance.
    • If you enter 0.0.0.0/0 in the Whitelist field or leave the field empty, access requests from all IP addresses are allowed. To ensure database security, we recommend that you do not enter 0.0.0.0 or 0.0.0.0/0 in the Whitelist field.
    • If you want to use a public IP address to access open source components, enter the public IP address in the Whitelist field.

Method 2: Configure ECS security groups as whitelists

Note If this method is used, make sure that the ECS instances in the specified security groups have the same network type as the ApsaraDB for HBase instance. If the ApsaraDB for HBase instance is deployed in a virtual private cloud (VPC), the ECS instances must be deployed in the same VPC.
  1. Log on to the ApsaraDB for HBase console.
  2. In the top navigation bar, select the region where your ApsaraDB for HBase instance is deployed.
  3. On the Clusters page, find the instance and click the instance ID.
  4. In the left-side navigation pane, click Access Control.
  5. On the Security Group tab, click Add Security Group.
    Click the Security Group tab
  6. In the Add Security Group dialog box, select the security groups and click OK.
    Add security groups