DataWorks: Connect to a data source over the internet

Last Updated: Mar 27, 2026

By default, Serverless resource groups have no internet access. To connect DataWorks to a data source that is only reachable over the internet (for example, a MySQL instance with a public endpoint), you must configure an Internet NAT gateway and an elastic IP address (EIP) for the virtual private cloud (VPC) attached to the resource group. If the data source restricts access by IP address, add this EIP to the data source's allowlist.

Not sure which resource group type you're using? See Resource groups for an overview.

How it works

Serverless resource groups do not have internet access by default. To reach a data source over the internet, configure an Internet NAT gateway and an EIP for the VPC attached to the resource group.

Legacy resource groups have internet access by default and can connect directly.

Legacy resource groups are being phased out. Use Serverless resource groups.

Network connectivity diagram

Prerequisites

Before you begin, ensure that you have:

Billing

Serverless resource groups require an Internet NAT gateway and an EIP bound to their VPC to access the internet. For pricing details, see Billing of NAT Gateway and EIP billing overview.

Configure network connectivity

The following procedure describes the general workflow. For a concrete walkthrough, see the Configuration example at the end of this topic.

Step 1: Collect basic information

Data source side

Public IP address of the data source server

Connect to the data source server to get its public IP address, or contact your network administrator.

DataWorks side

Serverless resource group

Serverless resource group — VPC and vSwitch

  1. Go to the DataWorks resource group list page. Find the target resource group and click Network Settings in the Actions column.

  2. Under the relevant feature module, view the bound VPC and vSwitch. For example, to connect a MySQL instance for data synchronization, find the VPC and vSwitch under Data Scheduling & Data Integration.

Legacy exclusive resource group

Legacy resource group — EIP address

  1. Go to the DataWorks resource group list page. Find the target resource group and click Details in the Actions column.

  2. Record the EIP address shown on the details page.

Step 2: Establish the network connection

  • Serverless resource group: Configure an Internet NAT gateway and an EIP for the VPC. This gives the resource group internet access.

  • Legacy resource group: No extra configuration needed — it already has internet access.

If you run into issues while setting up the connection, submit a ticket for the relevant cloud product.

Step 3: (Optional) Add the egress IP to the data source allowlist

If the data source restricts access by IP address, add the resource group's egress public IP to the allowlist.

The example below shows how to do this for a MySQL database, where access is granted only from the resource group's EIP.

  1. Log in to the database as an administrator.

  2. Create a DataWorks user and grant it the necessary permissions.

    -- 'dataworks_user' is the username. Customize as needed.
    -- 'StrongPassword123!' is the password. Customize as needed.
    CREATE USER 'dataworks_user'@'<Public IP address bound to the resource group>' IDENTIFIED BY 'StrongPassword123!';
    
    -- Grant access to a specific database (e.g., mydatabase) from the resource group's public IP address.
    GRANT ALL PRIVILEGES ON mydatabase.* TO 'dataworks_user'@'<Public IP address bound to the resource group>' WITH GRANT OPTION;

  3. Refresh privileges and exit.

    FLUSH PRIVILEGES;
    exit

Verify network connectivity

  1. Log on to the DataWorks console. In the top navigation bar, select the region. In the left-side navigation pane, choose Data Integration > Data Integration. Select the workspace from the drop-down list and click Go to Data Integration.

  2. In the left-side navigation pane, click Data Source. On the data source page, click Add Data Source, select the data source type, and configure the connection parameters.

  3. In the resource group list at the bottom, select the resource group connected to the data source, and click Test Network Connectivity.

    If the connectivity test shows Failed, use the Network Connectivity Diagnosis Tool to troubleshoot. If the issue persists, submit a ticket for assistance.

Configuration example

This example configures network connectivity for a MySQL instance with a public endpoint and a DataWorks workspace in the China (Shanghai) region.

1. Basic information

Parameter | Data source (RDS for MySQL) | DataWorks resource group
Region | - | China (Shanghai)
Network information | Public IP address: 47.117.XX.XX | VPC: vpc-shanghai; vSwitch: sh-l

2. Establish the network connection

This step applies to Serverless resource groups only. Use an Internet NAT gateway to give the resource group's VPC internet access. Legacy resource groups already have an EIP bound by default and require no extra configuration.

If you run into issues, submit a ticket for the relevant cloud product.

  1. Go to the DataWorks resource group list page. Find the target resource group and click Network Settings in the Actions column.

  2. Under the relevant feature module, find the bound VPC and click the image icon to open the VPC's Basic Information page. For example, to connect a public MySQL instance for data synchronization, find the VPC under Data Scheduling & Data Integration and click the image icon.

  3. Switch to the Resource Management tab. In the Access to Internet section, click Create Now under Internet NAT Gateway to enable internet access for the VPC. Configure the following parameters:

    Parameter | Value
    Network and zone | Select the same VPC and vSwitch bound to the resource group
    EIP | Select Purchase EIP
    Service-linked role | Click Create Service-linked Role (required the first time)

  4. Click Buy Now and complete the payment.

  5. After the NAT gateway is created, configure an SNAT entry so the resource group can reach the internet through the EIP. When the SNAT entry status changes to Available, the VPC has internet access.

    1. Click Manage in the Actions column of the new NAT gateway to open its management page, then switch to the SNAT Management tab.

    2. On the SNAT Entry List tab, click Create SNAT Entry and configure the following parameters:

      Parameter | Value
      SNAT entry | Select Specify VPC to route all resource groups in the VPC through the EIP
      EIP | Select the EIP bound to the NAT gateway

    3. Click OK.

    Resource groups in the VPC can access the internet only after you create an SNAT entry.

3. Add the EIP to the MySQL allowlist

  1. Get the resource group's egress public IP address.

    Serverless resource group

    1. Go to the VPC console. In the left-side navigation pane, click NAT Gateway > Internet NAT Gateway.

    2. Find the NAT gateway you created and copy the address from the EIP column.

    Legacy exclusive resource group

    1. Go to the DataWorks resource group list page. Click Details in the Actions column.

    2. Copy the EIP address from the details page.

  2. Log in to the database as an administrator.

  3. Create a DataWorks user and grant it access from the resource group's EIP.

    -- 'dataworks_user' is the username. Customize as needed.
    -- 'StrongPassword123!' is the password. Customize as needed.
    CREATE USER 'dataworks_user'@'<Public IP address bound to the resource group>' IDENTIFIED BY 'StrongPassword123!';
    
    -- Grant access to a specific database (e.g., mydatabase) from the resource group's public IP address.
    GRANT ALL PRIVILEGES ON mydatabase.* TO 'dataworks_user'@'<Public IP address bound to the resource group>' WITH GRANT OPTION;

  4. Refresh privileges and exit.

    FLUSH PRIVILEGES;
    exit
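
A least-privilege variant of the account setup in Step 3 of the procedure and in step 3 of this configuration example, followed by queries that check the IP restriction is actually in effect. This is an added example, not part of the original documentation. The address 203.0.113.10 is a constructed stand-in for the egress EIP and the password is a placeholder; the read-only grant and the REQUIRE SSL clause assume a task that only reads from the database over a TLS-enabled connection.

```sql
-- Added example. Constructed values: 203.0.113.10 (stand-in for the egress EIP)
-- and the password placeholder. Assumes MySQL 5.7 or later.

-- 1. Account that can log in only from the egress EIP, and only over TLS.
--    Assumption: the DataWorks data source connection is configured for SSL;
--    omit REQUIRE SSL otherwise, or the connectivity test will fail.
CREATE USER IF NOT EXISTS 'dataworks_user'@'203.0.113.10'
  IDENTIFIED BY '<unique-generated-password>'
  REQUIRE SSL;

-- 2. Grant only what the task needs. Assumption: a synchronization task that
--    reads from mydatabase. No ALL PRIVILEGES and no WITH GRANT OPTION, so the
--    account cannot alter schema or hand its rights to other accounts.
GRANT SELECT ON mydatabase.* TO 'dataworks_user'@'203.0.113.10';

-- 3. Review the effective grants for exactly this user@host pair.
SHOW GRANTS FOR 'dataworks_user'@'203.0.113.10';

-- 4. Audit: list every account row with this user name. Any row whose host is
--    not the EIP (in particular '%') accepts logins from other addresses.
SELECT user, host, ssl_type,
       CASE WHEN host = '203.0.113.10' THEN 'expected' ELSE 'REVIEW' END AS verdict
FROM mysql.user
WHERE user = 'dataworks_user';

-- 5. Audit: database-level rows that still carry broad or delegable rights.
SELECT user, host, db, Grant_priv, Drop_priv, Alter_priv
FROM mysql.db
WHERE user = 'dataworks_user'
  AND (Grant_priv = 'Y' OR Drop_priv = 'Y' OR Alter_priv = 'Y');
```

Query 5 returns no rows when the account holds only the grant from statement 2.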

4. Test connectivity

  1. Log on to the DataWorks console. In the top navigation bar, select the region. In the left-side navigation pane, choose Data Integration > Data Integration. Select the workspace from the drop-down list and click Go to Data Integration.

  2. In the left-side navigation pane, click Data Source, then click Add Data Source.

  3. Select the MySQL data source type and configure the parameters:

    Parameter | Value
    Configuration mode | Connection String Mode
    Host IP address | 47.117.XX.XX (the MySQL server's public IP address)
    Port number | 3306
    Database name | Name of an existing database
    Username and Password | The credentials created in Step 3 (dataworks_user)

  4. In the Connection Configuration section, select the resource group, click Test Connectivity, and verify that the result shows Connected.

    If the test fails, use the Network Connectivity Diagnosis Tool to troubleshoot. If the issue persists, submit a ticket for assistance.
