This topic describes how to connect to an ApsaraDB RDS instance over the Internet or an internal network. We recommend that you establish a connection over an internal network to ensure data security and transmission efficiency.

Note You can check the network type of the RDS instance and choose a connection method based on the network type of the RDS instance. For more information, see Use a database client or the CLI to connect to an ApsaraDB RDS for MySQL instance.

Connect to an RDS instance over the Internet

If you want to connect to an RDS instance over the Internet, you must use the public endpoint of the RDS instance. By default, an RDS instance is not provided with a public endpoint. You must apply for a public endpoint for an RDS instance. For more information, see Apply for or release a public endpoint for an ApsaraDB RDS for MySQL instance.

Note
  • If you connect to an RDS instance by using the public endpoint, security is compromised. Proceed with caution.
  • For faster transmission and higher security, we recommend that you migrate your application to an Elastic Compute Service (ECS) instance that resides in the same region and has the same network type as the RDS instance. This way, you can connect to the RDS instance by using the internal endpoint.

After you obtain a public endpoint, you can use the public endpoint to connect to the RDS instance. For more information, see the "References" section of this topic.

Connect to an RDS instance over an internal network

If you want to connect to an RDS instance over an internal network, you must use the internal endpoint of the RDS instance. For more information about how to view the internal endpoint of an RDS instance, see View and change the internal and public endpoints and port numbers of an ApsaraDB RDS for MySQL instance.

Prerequisites

In most cases, you can connect to an RDS instance over an internal network only from an ECS instance. To connect to an RDS instance from an on-premises data center, you must establish a physical connection between the data center and the RDS instance. For more information, see Connect an on-premises data center to a VPC through a physical connection.

When you connect to an RDS instance over an internal network from an ECS instance, make sure that the following requirements are met:

  • The ECS instance and the RDS instance are created within the same Alibaba Cloud account.
  • The ECS instance and the RDS instance reside in the same region.
  • The ECS instance and the RDS instance reside in the same type of network.
  • If the ECS instance and the RDS instance both reside in virtual private clouds (VPCs), these instances must reside in the same VPC.
  • The private IP address of the ECS instance is added to an IP address whitelist of the RDS instance. For more information, see Configure a whitelist.

If all the preceding requirements are met, you can connect the ECS instance to the RDS instance by using the internal endpoint of the RDS instance. For more information, see the "References" section of this topic.

FAQ

  • How do I prohibit access to my RDS instance over the Internet?

    Make sure that the IP address whitelists of your RDS instance contain only private IP addresses. You can also release the public endpoint of your RDS instance. For more information, see Apply for or release a public endpoint for an ApsaraDB RDS for MySQL instance.

  • Why am I unable to change the network type of my RDS instance from VPC to classic network?

    Some RDS instances do not support the classic network type and support only the VPC network type. For more information, see Change the network type of an ApsaraDB RDS for MySQL instance.

  • Why is my RDS instance disconnected from an ECS instance even though the public IP address of the ECS instance is added to an IP address whitelist of my RDS instance?

    A possible cause is that the public IP address of the ECS instance is changed. In this case, you must add the new public IP address of the ECS instance to an IP address whitelist of your RDS instance.

References