DataWorks:Configure an IP address whitelist

Obtain the required CIDR block or IP address

Synchronize data over the Internet

• Use the Internet access capability of an exclusive resource group.

  By default, exclusive resource groups provide the Internet access capability. If you want to use an exclusive resource group to access the Internet, you can perform the following steps to obtain the elastic IP address (EIP) that is used for the access:

  1. Log on to the DataWorks console. In the top navigation bar, select the desired region. In the left-side navigation pane, click Resource Group.

  2. On the Exclusive Resource Groups tab of the Resource Groups page, find the desired resource group and click Details in the Actions column.

  3. On the page that appears, copy the EIP that is displayed next to EIPAddress.

• Use a virtual private cloud (VPC).

  You can associate an exclusive resource group with a VPC that you create and add a route for the resource group in the DataWorks console. This way, the traffic that is generated during Internet access is routed to the VPC. In this case, the egress public IP address of the exclusive resource group is the IP address of the VPC. For more information, see Create and manage an Internet NAT gateway.

Synchronize data over a VPC

1. Log on to the DataWorks console. In the top navigation bar, select the desired region. In the left-side navigation pane, click Resource Group.

2. On the Exclusive Resource Groups tab of the Resource Groups page, find the desired resource group and click Network Settings in the Actions column.

3. On the VPC Binding tab of the page that appears, find the desired VPC association record and copy the CIDR block that is displayed in the vSwitch CIDR Block column.

Configure an IP address whitelist of a data source

The following types of data sources support the configuration of an IP address whitelist:

Data sources of fully managed cloud database services

Fully managed cloud database services provide the whitelist management capability. You can configure an IP address whitelist for a data source of a fully-managed cloud database service in the console of the service.

• ApsaraDB RDS. For more information, see Configure an IP address whitelist.

• PolarDB for MySQL. For more information, see Configure an IP whitelist.

• PolarDB-X 1.0. For more information, see Configure whitelists.

• ApsaraDB for MongoDB. For more information, see Modify an IP address whitelist for an instance.

• ApsaraMQ for Kafka. For more information, see Configure whitelists.

• Elasticsearch. For more information, see Configure a public or private IP address whitelist for an Elasticsearch cluster.

• AnalyticDB for MySQL. For more information, see Configure an IP address whitelist.

• ApsaraDB for Redis. For more information, see Configure whitelists.

Semi-managed database services

Access to semi-managed database services depends on the security group rules that are configured for the related Elastic Compute Service (ECS) instances.

• ApsaraDB for HBase. For more information, see Configure a whitelist.

• Self-managed data source that is hosted on an ECS instance. For more information, see Add a security group rule.

Data cannot be read from or written to a MaxCompute data source. This leads to data synchronization interruption of the MaxCompute data source. A latency of a long period of time occurs when data is synchronized to MaxCompute in real time. What do I do?

MaxCompute allows you to configure an IP address whitelist for a VPC by using MaxCompute Tunnel. You must check whether the VPC of the resource group for the synchronization task is added to the whitelist of MaxCompute Tunnel. For more information, see Manage IP address whitelists.