ModifySecurityIps - ApsaraDB RDS - Alibaba Cloud Documentation Center

You can call the ModifySecurityIps operation to modify an IP address allowlist of an ApsaraDB RDS instance.

Operation Description

An IP address allowlist contains the IP addresses and CIDR blocks that are granted access to the instance. For more information about how to configure an IP address allowlist, see Configure an IP address allowlist for an ApsaraDB RDS instance.

NoteBefore you call this operation, make sure that the instance is in the Running state.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Association operation
rds:ModifySecurityIps	WRITE	RDS acs:rds:{#regionId}:{#accountId}:dbinstance/{#dbinstanceId}	rds:ResourceTag	none

Request parameters

Parameter	Type	Required	Description	Example
DBInstanceId	string	Yes	The ID of the instance.	pgm-bp18n0c8zt45****
SecurityIps	string	Yes	The IP addresses and CIDR blocks that you want to include in the IP address allowlist. If the IP address allowlist contains more than one IP address or CIDR block, separate these IP addresses and CIDR blocks with commas (,). Each IP address or CIDR block in the IP address allowlist must be unique. For more information, see Configure an IP address allowlist for an ApsaraDB RDS instance. The entries in the IP address allowlist must be in one of the following formats: IP addresses, such as 10.23.XX.XX. CIDR blocks, such as 10.23.XX.XX/24. In this example, 24 indicates that the prefix of each IP address in the IP address allowlist is 24 bits in length. You can replace 24 with a value within the range of 1 to 32. NoteA maximum of 1,000 IP addresses and CIDR blocks can be configured for each instance. If you want to add a large number of IP addresses, we recommend that you merge them into CIDR blocks, such as 10.23.XX.XX/24.	10.23.XX.XX
DBInstanceIPArrayName	string	No	The name of the IP address allowlist that you want to modify. Default value: Default. NoteA maximum of 200 IP address allowlists can be configured for each instance.	test
DBInstanceIPArrayAttribute	string	No	The attribute of the IP address allowlist. By default, this parameter is empty. NoteThe IP address allowlists that have the hidden attribute are not displayed in the ApsaraDB RDS console. These IP address allowlists are used to access Alibaba Cloud services, such as Data Transmission Service (DTS).	hidden
SecurityIPType	string	No	The type of IP address in the IP address allowlist. The value is fixed as IPv4.	IPv4
WhitelistNetworkType	string	No	The network type of the IP address allowlist. Valid values: Classic: classic network in enhanced allowlist mode VPC: virtual private cloud (VPC) network type in enhanced allowlist mode. MIX: standard allowlist mode. Default value: MIX. NoteIn standard allowlist mode, IP addresses and CIDR blocks are added only to the default IP address allowlist. In enhanced allowlist mode, IP addresses and CIDR blocks are added to the IP address allowlists of the classic network type and those of the VPC network type.	Classic
ModifyMode	string	No	The method that is used to modify the IP address allowlist. Valid values: Cover: Use the IP addresses and CIDR blocks that are specified in the SecurityIps parameter to overwrite the existing IP addresses and CIDR blocks in the IP address allowlist. Append: Add the IP addresses and CIDR blocks that are specified in the SecurityIps parameter to the IP address allowlist. Delete: Delete the IP addresses and CIDR blocks that are specified in the SecurityIps parameter from the IP address allowlist. You must retain at least one IP address or CIDR block. Default value: Cover.	Cover
FreshWhiteListReadins	string	No	The read-only instances to which you want to synchronize the IP address allowlist. This parameter applies only to ApsaraDB RDS for PostgreSQL instances. If the instance is attached with a read-only instance, you can use this parameter to synchronize the IP address allowlist to the read-only instance. If the instance is attached with multiple read-only instances, the read-only instances must be separated by commas (,). If the instance is not attached with a read-only instance, this parameter is empty.	pgr-bp17yuz4dn3d**,pgr-bp1vn2ph54u1**

Response parameters

Parameter	Type	Description	Example
	object
TaskId	string	The ID of the task.	115855279
RequestId	string	The ID of the request.	1AD222E9-E606-4A42-BF6D-8A4442913CEF

Examples

Sample success responses

JSONformat

{
  "TaskId": "115855279",
  "RequestId": " 1AD222E9-E606-4A42-BF6D-8A4442913CEF"
}

Error codes

HTTP status code	Error code	Error message	Description
400	IncorrectMasterDBInstanceState	Master instance state does not support this operation.	-
400	InvalidWhitelistNetType.Malformed	Specified WhitelistNetType is not valid.	The specified WhitelistNetworkType is invalid. Please check again.
400	InvalidIPArrayAttribute.Format	The format of the IP attribute is invalid.	The specified DBInstanceIPArrayAttribute parameter is invalid. Specify a valid value and try again. If the value that you specify contains multiple entries, separate the entries with commas (,). Each entry must be unique. Valid entries are in one of the following formats: IP address, such as 10.23.12.24. CIDR, such as 10.23.12.0/24. In this example, 24 indicates that the prefix in each IP address is 24 bits in length. You can replace 24 with an integer within the range of 1 to 32.
400	InvalidSecurityIPList.Duplicate	Specified security IP list is not valid: Duplicate IP address in the list.	The IP address whitelist is invalid. It contains duplicate entries.
400	SecurityIPList.Format	Specified SecurityIPList is not valid.	The specified IP address whitelist is invalid.
403	IncorrectDBType	The current DB type does not support this operation.	The operation failed. The operation is not supported by the database engine of the RDS instance. Specify a different database engine.
403	IncorrectDBInstanceType	Current DB instance type does not support this operation.	The operation failed. The RDS instance is not in a ready state.
403	IncorrectDBInstanceCharacterType	Current DB Instance character_type does not support this operation.	This operation is not supported for the character type of the current instance.
403	IncorrectDBInstanceState	Current DB instance state does not support this operation.	-
403	IncorrectEngineVersion	The engine version does not support the operation.	The operation failed. The operation is not supported for the database engine version of the RDS instance.
404	Readins.NotFound	The current instance does not contain any read only instance. The operation is not supported.	The operation failed. The RDS instance is not attached with read-only RDS instances.
404	InvalidDBInstanceName.NotFound	The database instance does not exist.	The name of the RDS instance cannot be found. Check the name of the RDS instance.
404	InvalidDBInstance.NotFound	The specified instance does not exist or is not supported.	The RDS instance cannot be found. Check the ID or name of the RDS instance.
404	IncorrectDBInstanceLockMode	Current DB instance lock mode does not support this operation.	The operation failed. The RDS instance is locked.

For a list of error codes, visit the Service error codes.

Change history

Change time

Summary of changes

Operation

2022-10-28

The error codes of the API operation change.

Change item	Change content
Error Codes	The error codes of the API operation change.
	Error Codes 404 change
	delete Error Codes: 400
	Added Error Codes: 403

2022-09-01

The error codes of the API operation change.

Change item	Change content
Error Codes	The error codes of the API operation change.
	Error Codes 404 change
	delete Error Codes: 400