All Products
Search

This Product

    ApsaraDB for OceanBase:Add a whitelist for a Kafka data source

    Document Center

    ApsaraDB for OceanBase:Add a whitelist for a Kafka data source

    Last Updated:Jul 01, 2025

    This topic describes how to add a whitelist for an Alibaba Cloud Kafka instance or a self-managed Kafka instance in a VPC.

    Background

    OceanBase Database supports the following types of Kafka instance as the data source: Alibaba Cloud Kafka Instance, Self-Managed Kafka Instance in VPC, and Public Network Kafka Instance. OceanBase Migration Service (OMS) uses a public IP address to access the public network. Therefore, if you use a public network data source, you must add a whitelist of public IP addresses for the data source. You do not need to add the whitelist when you use other types of data sources.

    Add a whitelist for an Alibaba Cloud Kafka instance

    If you set the instance type to Alibaba Cloud Kafka Instance when you add a Kafka data source, set a whitelist for the Alibaba Cloud Kafka instance.

    1. Select Kafka Instance ID and Access Point, and then click the copy icon on the right side to copy and save the instance ID and access point.

      Kafka instance ID

    2. Go to the Instances page of the Message Queue for Apache Kafka console and click the name of the desired instance to enter its details page.

    3. In the Endpoint Information section of the Instance Details page, click Edit Whitelist for the endpoint.

    4. In the Edit Endpoint Whitelist dialog box, click Add Whitelist IP, enter an IP address or a CIDR block, and click OK.

    Add a whitelist to an ECS instance

    If you set the instance type to Self-Managed Kafka Instance in VPC when you add a Kafka data source, add the IP address of the OMS server to the whitelist of the corresponding database. This is because a VPC may have access restrictions on the ECS platform. However, a data source for data migration or synchronization must be accessible to the IP address of the OMS server.

    1. Select the desired VPC from the drop-down list of the VPC field, and click the copy icon on the right side to copy and save the VPC ID.

      VPC ID

    2. Go to the Security Groups page of the ECS console. Select VPC ID from the drop-down list next to Create Security Group and filter security groups by the VPC ID.

      Filter

    3. Click the name of the desired security group to go to its details page.

    4. Add an IP address in the Inbound section.

      1. Copy the IP address of the OMS server from the Add Data Source dialog box on the OMS console.

        The IP address.

      2. On the security group details page, click Quick Add in the Inbound section of Access Rule.

        You can also click Add Rule to manually add information such as Port Range and Authorization Object.

        Quick Add

      3. In the Quick Add dialog box, paste the IP address to the Authorization Object field and select a corresponding port range from Port Range.

        For example, the port range for a Kafka instance is the port corresponding to the selected access point.

        Quick Add

      4. Click OK.