ApsaraDB for OceanBase (Deprecated):Add a whitelist for a MySQL data source

Background

The following types of instances are supported as a MySQL data source: RDS Instance, PolarDB Instance, Self-Managed Database in VPC, and Self-Managed Database with Public IP Address. The public IP address of the data transmission service acts as its public egress IP address and needs to be added only to the whitelist of any public network data source it needs to access. You do not need to add a whitelist when you use other types of data sources.

Add a whitelist for an RDS for MySQL instance

If you set the instance type to RDS Instance when you add a MySQL data source, set an IP address whitelist for the instance.

1. Select the desired RDS instance from the drop-down list of the RDS Instance ID field, and click the copy icon on the right side to copy the ID of the RDS instance.

   

2. Go to the Instances page of the ApsaraDB for RDS console and click the name of the instance to enter its details page.

3. In the left-side navigation pane, click Data Security.

4. On the Whitelist Settings tab, click Modify for the target group.

   

5. In the Modify Whitelist Group dialog box, add a Group Whitelist.

   The IP addresses in the whitelist are those of the data transmission servers displayed in the New Data Source dialog box when you create a data source in the Data Transmission module.

   Important

   • Multiple IP addresses must be separated with commas (,), and no spaces are allowed before or after the commas.

   • You can add up to 1,000 IP addresses or CIDR blocks to an instance. If a large number of IP addresses are to be added, we recommend that you combine them into CIDR blocks. Example: 10.10.10.0/24.

   • 127.0.0.1 indicates that no access is allowed from any IP address.

6. Click OK.

Add a whitelist for a PolarDB for MySQL instance

If you set the instance type to PolarDB Instance when you add a MySQL data source, set an IP address whitelist for the instance.

1. Select the desired PolarDB instance from the drop-down list of the PolarDB Instance ID field, and click the copy icon on the right side to copy the ID of the PolarDB instance.

   

2. Go to the Clusters page of the ApsaraDB for PolarDB console and click the name of the corresponding cluster to enter its details page.

3. In the left-side navigation pane, choose Settings and Management > Whitelists.

4. On the IP List page, click Add IP Whitelist.

   You can also click Modify next to an existing whitelist to edit it.

   

5. In the Add IP Whitelist dialog box, configure the parameters.

   Parameter	Description
   IP Whitelist Name	The name must be 2 to 120 characters in length and can contain lowercase letters, digits, and underscores (_). It must start with a letter and end with a letter or digit.
   IP Addresses	Copy the IP addresses of the data transmission servers displayed in the New Data Source dialog box that appears when you create a data source in the Data Transmission module and paste them here. Note the following rules: You can enter an IP address such as 192.168.0.1 or a CIDR block such as 192.168.0.0/24. Multiple IP addresses and CIDR blocks must be separated with commas (,). Example: 192.168.0.1,192.168.0.0/24. 127.0.0.1 indicates that no access is allowed from any IP address. You can create up to 50 IP address whitelists and add up to 1,000 IP addresses or CIDR blocks to all the whitelists.

6. Click OK.

Add a whitelist for an ECS instance

If you set the instance type to Self-Managed Database in VPC when you add a MySQL data source, add the IP addresses of the data transmission servers to the whitelist of the corresponding database. This is because a self-managed database in a VPC or a database gateway may have access restrictions on the Elastic Compute Service (ECS) platform. However, a data source for data migration or synchronization must be accessible to the IP address of the data transmission server.

1. Copy the ID of the VPC.

   When the instance type is Self-Managed Database in VPC, select the desired VPC from the drop-down list of the VPC field and click the copy icon on the right side to copy the ID of the VPC.

   

2. Go to the Security Groups page of the ECS console. Select VPC ID from the drop-down list next to Create Security Group and paste the VPC ID to filter security groups.

   

3. Click the name of the target security group to go to its details page.

4. Add an IP address on the Inbound tab.

   1. Copy the IP addresses of the data transmission servers displayed in the New Data Source dialog box of the ApsaraDB for OceanBase console.

      

   2. On the security group details page, click Quick Add on the Inbound tab in the Access Rule section.

      You can also click Add Rule to manually add information such as Port Range and Authorization Object.

      

   3. In the Quick Add dialog box, paste the IP address to the Authorization Object field and select a corresponding port range from the Port Range section.

      For example, the port range may be 1521 for Oracle and 3306 for MySQL.

      

   4. Click OK.