You can call the ModifySecurityIps operation to modify an IP address allowlist of an ApsaraDB RDS instance.

An IP address allowlist contains the IP addresses and CIDR blocks that are granted access to the instance. For more information about how to configure an IP address allowlist, see Configure an IP address allowlist for an ApsaraDB RDS instance.

Note Before you call this operation, make sure that the instance is in the Running state.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes ModifySecurityIps

The operation that you want to perform. Set the value to ModifySecurityIps.

DBInstanceId String Yes pgm-bp18n0c8zt45****

The ID of the instance.

SecurityIps String Yes 10.23.XX.XX

The IP addresses and CIDR blocks that you want to include in the IP address allowlist. If the IP address allowlist contains more than one IP address or CIDR block, separate these IP addresses and CIDR blocks with commas (,). Each IP address or CIDR block in the IP address allowlist must be unique. For more information, see Configure an IP address allowlist for an ApsaraDB RDS instance. The entries in the IP address allowlist must be in one of the following formats:

  • IP addresses, such as 10.23.XX.XX.
  • CIDR blocks, such as 10.23.XX.XX/24. In this example, 24 indicates that the prefix of each IP address in the IP address allowlist is 24 bits in length. You can replace 24 with a value within the range of 1 to 32.
Note A maximum of 1,000 IP addresses and CIDR blocks can be configured for each instance. If you want to add a large number of IP addresses, we recommend that you merge them into CIDR blocks, such as 10.23.XX.XX/24.
DBInstanceIPArrayName String No test

The name of the IP address allowlist that you want to modify. Default value: Default.

Note A maximum of 200 IP address allowlists can be configured for each instance.
DBInstanceIPArrayAttribute String No hidden

The attribute of the IP address allowlist. By default, this parameter is empty.

Note The IP address allowlists that have the hidden attribute are not displayed in the ApsaraDB RDS console. These IP address allowlists are used to access Alibaba Cloud services, such as Data Transmission Service (DTS).
SecurityIPType String No IPv4

The type of IP address in the IP address allowlist.

The value is fixed as IPv4.

WhitelistNetworkType String No Classic

The network type of the IP address allowlist. Valid values:

  • Classic: classic network in enhanced allowlist mode
  • VPC: virtual private cloud (VPC) network type in enhanced allowlist mode.
  • MIX: standard allowlist mode.

Default value: MIX.

Note In standard allowlist mode, IP addresses and CIDR blocks are added only to the default IP address allowlist. In enhanced allowlist mode, IP addresses and CIDR blocks are added to the IP address allowlists of the classic network type and those of the VPC network type.
ModifyMode String No Cover

The method that is used to modify the IP address allowlist. Valid values:

  • Cover: Use the IP addresses and CIDR blocks that are specified in the SecurityIps parameter to overwrite the existing IP addresses and CIDR blocks in the IP address allowlist.
  • Append: Add the IP addresses and CIDR blocks that are specified in the SecurityIps parameter to the IP address allowlist.
  • Delete: Delete the IP addresses and CIDR blocks that are specified in the SecurityIps parameter from the IP address allowlist. You must retain at least one IP address or CIDR block.

Default value: Cover.

FreshWhiteListReadins String No pgr-bp17yuz4dn3d****,pgr-bp1vn2ph54u1****

The read-only instances to which you want to synchronize the IP address allowlist.

  • This parameter applies only to ApsaraDB RDS for PostgreSQL instances.
  • If the instance is attached with a read-only instance, you can use this parameter to synchronize the IP address allowlist to the read-only instance. If the instance is attached with multiple read-only instances, the read-only instances must be separated by commas (,).
  • If the instance is not attached with a read-only instance, this parameter is empty.

Response parameters

Parameter Type Example Description
TaskId String 115855279

The ID of the task.

RequestId String 1AD222E9-E606-4A42-BF6D-8A4442913CEF

The ID of the request.

Examples

Sample requests

http(s)://rds.aliyuncs.com/?Action=ModifySecurityIps
&DBInstanceId=pgm-bp18n0c8zt45****
&SecurityIps=10.23.12.24
&<Common request parameters>

Sample success responses

XML format 

HTTP/1.1 200 OK
Content-Type:application/xml

<ModifySecurityIpsResponse>
	<RequestId> 1AD222E9-E606-4A42-BF6D-8A4442913CEF</RequestId>
	<TaskId>115855279</TaskId>
</ModifySecurityIpsResponse>

JSON format 

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : " 1AD222E9-E606-4A42-BF6D-8A4442913CEF",
  "TaskId" : 115855279
}

Error codes

HTTP status code Error code Error message Description
400 InvalidWhitelistNetType.Malformed Specified WhitelistNetType is not valid. The error message returned because the value of the WhitelistNetworkType parameter is invalid. Enter a valid value.
400 InvalidIPArrayAttribute.Format The format of the IP attribute is invalid. The error message returned because the value of the DBInstanceIPArrayAttribute parameter is in an invalid format. Enter a value in the valid format and try again. If the IP address allowlist contains multiple IP addresses or CIDR blocks, make sure that the IP addresses and CIDR blocks are unique and are separated by commas (,). The entries in the IP address allowlist must be in one of the following formats: IP addresses, such as 10.23.12.24. CIDR blocks, such as 10.23.12.0/24. In this case, 24 indicates that the prefix of each IP address is 24-bit long. You can replace 24 with a value within the range of 1 to 32.
400 InvalidSecurityIPList.Duplicate Specified security IP list is not valid: Duplicate IP address in the list. The error message returned because the specified IP addresses or CIDR blocks are invalid. The specified IP addresses or CIDR blocks are duplicate.
400 SecurityIPList.Format Specified SecurityIPList is not valid. The error message returned because the specified IP addresses or CIDR blocks are invalid.

For a list of error codes, visit the API Error Center.