ApsaraDB RDS:ModifySecurityIps

Last Updated: May 16, 2023

Modifies an IP address whitelist of an instance.

Operation Description

An IP address whitelist contains the IP addresses and CIDR blocks that are granted access to the instance. For more information about how to configure an IP address whitelist, see Configure an IP address whitelist for an ApsaraDB RDS instance.

Note: Before you call this operation, make sure that the instance is in the Running state. If the instance is not in the Running state, the operation fails.

Authorization information

The following table shows the authorization information for this API operation. You can use this information in the Action element of a policy to grant a RAM user or RAM role the permissions to call this API operation. The table columns are described as follows:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

| Operation | Access level | Resource type | Condition key | Associated operation |
|---|---|---|---|---|
| rds:ModifySecurityIps | WRITE | RDS: acs:rds:{#regionId}:{#accountId}:dbinstance/{#dbinstanceId} | rds:ResourceTag | none |

Request parameters

DBInstanceId (Type: string, Required: Yes)

The ID of the instance.

Example: pgm-bp18n0c8zt45****

SecurityIps (Type: string, Required: Yes)

The IP addresses and CIDR blocks that you want to include in the IP address whitelist. If the IP address whitelist contains more than one IP address or CIDR block, separate these IP addresses and CIDR blocks with commas (,). Each IP address or CIDR block in an IP address whitelist must be unique. For more information, see Configure an IP address whitelist for an ApsaraDB RDS instance. The entries in the IP address whitelist must be in one of the following formats:

  • IP addresses, such as 10.23.XX.XX.
  • CIDR blocks, such as 10.23.XX.XX/24. In this example, 24 indicates that the prefix of each IP address in the IP address whitelist is 24 bits in length. You can replace 24 with a value within the range of 1 to 32.

Note: A maximum of 1,000 IP addresses or CIDR blocks can be added for each instance. If you want to add a large number of IP addresses, we recommend that you merge them into CIDR blocks, such as 10.23.XX.XX/24.

Example: 10.23.XX.XX

DBInstanceIPArrayName (Type: string, Required: No)

The name of the IP address whitelist that you want to modify. Default value: Default.

Note: A maximum of 200 IP address whitelists can be configured for each instance.

Example: test

DBInstanceIPArrayAttribute (Type: string, Required: No)

The attribute of the IP address whitelist. By default, this parameter is empty.

Note: The IP address whitelists that have the hidden attribute are not displayed in the ApsaraDB RDS console. These IP address whitelists are used to access Alibaba Cloud services, such as Data Transmission Service (DTS).

Example: hidden

SecurityIPType (Type: string, Required: No)

The type of the IP addresses in the IP address whitelist. Set the value to IPv4. IPv6 is not supported.

Example: IPv4

WhitelistNetworkType (Type: string, Required: No)

The network type of the IP address whitelist. Valid values:

  • Classic: classic network in enhanced whitelist mode
  • VPC: virtual private cloud (VPC) in enhanced whitelist mode
  • MIX: standard whitelist mode

Default value: MIX.

Note: In standard whitelist mode, IP addresses and CIDR blocks are added only to the default IP address whitelist. In enhanced whitelist mode, IP addresses and CIDR blocks are added to the IP address whitelists of the classic network type and the VPC network type.

Example: Classic

ModifyMode (Type: string, Required: No)

The method that is used to modify the IP address whitelist. Valid values:

  • Cover: Use the IP addresses and CIDR blocks that are specified in the SecurityIps parameter to overwrite the existing IP addresses and CIDR blocks in the IP address whitelist.
  • Append: Add the IP addresses and CIDR blocks that are specified in the SecurityIps parameter to the IP address whitelist.
  • Delete: Delete the IP addresses and CIDR blocks that are specified in the SecurityIps parameter from the IP address whitelist. You must retain at least one IP address or CIDR block.

Default value: Cover.

Example: Cover

FreshWhiteListReadins (Type: string, Required: No)

The read-only instances to which you want to synchronize the IP address whitelist.

  • This parameter applies only to ApsaraDB RDS for PostgreSQL instances.
  • If the instance is attached with a read-only instance, you can use this parameter to synchronize the IP address whitelist to the read-only instance. If the instance is attached with multiple read-only instances, separate the read-only instances with commas (,).
  • If the instance is not attached with a read-only instance, leave this parameter empty.

Example: pgr-bp17yuz4dn3d****,pgr-bp1vn2ph54u1****
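
A local pre-flight check for the SecurityIps and ModifyMode rules described above, as an added example that is not part of the original page or of any Alibaba Cloud SDK. It calls no API; the function names, the `current` list and the sample addresses are constructed for illustration, and skipping already-present entries on Append is an assumption.

```python
import ipaddress

MAX_ENTRIES = 1000                      # limit stated on this page (per instance)
MODES = ("Cover", "Append", "Delete")   # ModifyMode values from this page


def parse_security_ips(value):
    """Split a SecurityIps string and enforce the documented entry rules."""
    entries = [e.strip() for e in value.split(",")]
    seen = set()
    for entry in entries:
        addr, slash, prefix = entry.partition("/")
        try:
            ipaddress.IPv4Address(addr)          # IPv4 only; IPv6 is rejected
        except ValueError:
            raise ValueError(f"not an IPv4 address or CIDR block: {entry!r}")
        if slash and not (prefix.isascii() and prefix.isdigit()
                          and 1 <= int(prefix) <= 32):
            raise ValueError(f"prefix length must be 1 to 32: {entry!r}")
        if entry in seen:
            raise ValueError(f"duplicate entry: {entry!r}")
        seen.add(entry)
    return entries


def plan_change(current, security_ips, modify_mode="Cover"):
    """Return (resulting whitelist, entries that lose access); no API call."""
    if modify_mode not in MODES:
        raise ValueError(f"unknown ModifyMode: {modify_mode!r}")
    new = parse_security_ips(security_ips)
    if modify_mode == "Cover":           # the default: replaces the whole list
        result = new
    elif modify_mode == "Append":
        # Assumption: entries already present are skipped, not re-added.
        result = current + [e for e in new if e not in current]
    else:                                # Delete
        result = [e for e in current if e not in new]
        if not result:
            raise ValueError("Delete must retain at least one entry")
    if len(result) > MAX_ENTRIES:
        raise ValueError(f"{len(result)} entries exceeds {MAX_ENTRIES}")
    removed = [e for e in current if e not in result]
    return result, removed


if __name__ == "__main__":
    existing = ["10.23.12.24", "10.23.40.0/24"]   # constructed sample whitelist
    print(plan_change(existing, "10.23.50.7"))             # default Cover
    print(plan_change(existing, "10.23.50.7", "Append"))
```

The second element of the result lists the entries that would lose access, which makes an unintended Cover visible before the request is sent.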

Response parameters

Response type: object

TaskId (Type: string)

The ID of the task.

Example: 115855279

RequestId (Type: string)

The ID of the request.

Example: 1AD222E9-E606-4A42-BF6D-8A4442913CEF

Examples

Sample success responses

JSON format

{
  "TaskId": "115855279",
  "RequestId": "1AD222E9-E606-4A42-BF6D-8A4442913CEF"
}

Error codes

| HTTP status code | Error code | Error message | Description |
|---|---|---|---|
| 400 | IncorrectMasterDBInstanceState | Master instance state does not support this operation. | - |
| 400 | InvalidWhitelistNetType.Malformed | Specified WhitelistNetType is not valid. | The specified WhitelistNetworkType is invalid. Please check again. |
| 400 | InvalidIPArrayAttribute.Format | The format of the IP attribute is invalid. | The specified DBInstanceIPArrayAttribute parameter is invalid. Specify a valid value and try again. If the value that you specify contains multiple entries, separate the entries with commas (,). Each entry must be unique. Valid entries are in one of the following formats: IP address, such as 10.23.12.24. CIDR, such as 10.23.12.0/24. In this example, 24 indicates that the prefix in each IP address is 24 bits in length. You can replace 24 with an integer within the range of 1 to 32. |
| 400 | InvalidSecurityIPList.Duplicate | Specified security IP list is not valid: Duplicate IP address in the list. | The IP address whitelist is invalid. It contains duplicate entries. |
| 400 | SecurityIPList.Format | Specified SecurityIPList is not valid. | The specified IP address whitelist is invalid. |
| 403 | IncorrectDBType | The current DB type does not support this operation. | The operation failed. The operation is not supported by the database engine of the RDS instance. Specify a different database engine. |
| 403 | IncorrectDBInstanceType | Current DB instance type does not support this operation. | The operation failed. The RDS instance is not in a ready state. |
| 403 | IncorrectDBInstanceCharacterType | Current DB Instance character_type does not support this operation. | This operation is not supported for the character type of the current instance. |
| 403 | IncorrectDBInstanceState | Current DB instance state does not support this operation. | - |
| 403 | IncorrectEngineVersion | The engine version does not support the operation. | The operation failed. The operation is not supported for the database engine version of the RDS instance. |
| 404 | Readins.NotFound | The current instance does not contain any read only instance. The operation is not supported. | The operation failed. The RDS instance is not attached with read-only RDS instances. |
| 404 | InvalidDBInstanceName.NotFound | The database instance does not exist. | The name of the RDS instance cannot be found. Check the name of the RDS instance. |
| 404 | InvalidDBInstance.NotFound | The specified instance does not exist or is not supported. | The RDS instance cannot be found. Check the ID or name of the RDS instance. |
| 404 | IncorrectDBInstanceLockMode | Current DB instance lock mode does not support this operation. | The operation failed. The RDS instance is locked. |

For a list of error codes, visit the Service error codes.

Change history

Change time: 2022-10-28
Summary of changes: The error codes of the API operation change.

  • Change item: Error Codes
  • Change content: The error codes of the API operation change.
    • Error Codes 404 change
    • delete Error Codes: 400
    • Added Error Codes: 403

Change time: 2022-09-01
Summary of changes: The error codes of the API operation change.

  • Change item: Error Codes
  • Change content: The error codes of the API operation change.
    • Error Codes 404 change
    • delete Error Codes: 400