This topic describes how to configure an IP address whitelist for an ApsaraDB RDS for MySQL instance. After an RDS instance is created, you must configure IP address whitelists for the RDS instance. A device can access the RDS instance only after you add the IP address of the device to an IP address whitelist of the RDS instance .

Prerequisites

An ApsaraDB RDS for MySQL instance is created. For more information, see Create an ApsaraDB RDS for MySQL instance.

Procedure

  1. Visit the RDS instance list, select a region above, and click the target instance ID.
  2. In the left-side navigation pane, click Data Security.
  3. View the network isolation mode of the RDS instance.
    Note Existing RDS instances may run in enhanced whitelist mode. All new RDS instances run in standard whitelist mode.
    Figure 1. Standard whitelist mode
    Standard whitelist mode
    Figure 2. Enhanced whitelist mode
    Enhanced whitelist mode
  4. Click Modify to the right of the IP address whitelist labeled default.
    Note You can also click Create Whitelist to create an IP address whitelist.
    Modify
  5. Use one of the following methods to configure an IP address whitelist for the RDS instance:
    • Method 1: Add the IP address of the server on which your application is deployed to the IP Addresses box. For more information about how to obtain the IP address of a server, see the "How to obtain IP addresses" section of this topic.
      Note
      • If you add multiple IP addresses and CIDR blocks to an IP address whitelist, you must separate the IP addresses and CIDR blocks with commas (,) and leave no spaces before and after each comma.
      • You can add a maximum of 1,000 IP addresses and CIDR blocks in total for each RDS instance. If you want to add a large number of IP addresses, we recommend that you merge the IP addresses into CIDR blocks, such as 10.10.10.0/24.
      • If an RDS instance runs in standard whitelist mode, you do not need to take note of special considerations when you configure IP address whitelists for the RDS instance. If an RDS instance runs in enhanced whitelist mode, you must take note of the following considerations when you configure IP address whitelists for the RDS instance:
        • Add the public IP addresses or private IP addresses of classic network-hosted Elastic Compute Service (ECS) instances to IP address whitelists of the classic network type.
        • Add the private IP addresses of VPC-hosted ECS instances to IP address whitelists of the VPC network type.
    • Method 2: Click Loading ECS Inner IP to load the IP addresses of all ECS instances that are created within your Alibaba Cloud account. Then, select IP addresses and add them to an IP address whitelist. Loading ECS Inner IP

    The server on which your application is deployed can access the RDS instance only after you add the IP address of the server to an IP address whitelist of the RDS instance.

  6. Click OK.

What to do next

Use a database client or the CLI to connect to an ApsaraDB RDS for MySQL instance

References

How to obtain IP addresses

Table 1. IP addresses to be obtained
Use scenario IP address to be obtained How to obtain the IP address
You want to connect to the RDS instance from an ECS instance, and the ECS instance and the RDS instance meet the conditions for communication over an internal network. For more information, see the "Step 1: Check whether your application can connect to the RDS instance over an internal network" section of this topic. The private IP address of the ECS instance
  1. Log on to the ECS console and go to the Instances page.
  2. In the top navigation bar, select the region where the ECS instance resides.
  3. View the public IP address and private IP address of the ECS instance. The public IP address and private IP address of an ECS instance
You want to connect to the RDS instance from an ECS instance. However, the ECS instance and the RDS instance do not meet the conditions for communication over an internal network. The public IP address of the ECS instance
You want to connect to the RDS instance from an on-premises device. The public IP address of the on-premises device On the on-premises device, use a search engine such as Google to search for IP.
Note The IP address that you obtain by using this method may be inaccurate. For more information about how to obtain the accurate IP address of an on-premises device, see Why am I unable to connect to my ApsaraDB RDS for MySQL or ApsaraDB RDS for MariaDB instance from a local server over the Internet?