ApsaraDB for RDS provides a complete set of security measures to guarantee data security.

DDoS protection

If DDoS attacks are detected, the security system of RDS enables traffic cleaning first. If traffic cleaning fails or the attacks reach the blackhole threshold, blackhole filtering is triggered. For more information, see Attack protection.

Note We recommend that you access RDS instances through the intranet to prevent DDoS attacks.

Access control

  • IP addresses can access your RDS instance only after you add them to the whitelists of the RDS instance. IP addresses that are not in the whitelists cannot access the RDS instance.
  • Each account can only view and operate its own databases.

For more information, see access control.

System security

  • RDS is protected by multiple firewall layers that block various network attacks to guarantee data security.
  • Direct logon to the RDS server is not allowed. Only the ports required by certain database services are open.
  • The RDS server cannot initiate an external connection. It can only accept access requests.

For more information, see Network isolation.

Professional security team

Aliabab Cloud security team is responsible for guaranteeing the security of RDS.

Get started