This topic describes how to switch an ApsaraDB RDS for MariaDB TX instance from the standard whitelist mode to the enhanced whitelist mode. The enhanced whitelist mode offers higher security than the standard whitelist mode.

Note The enhanced whitelist mode is unavailable due to a network link upgrade. You will be immediately notified when the enhanced whitelist mode is available.

Network isolation modes

RDS instances support the following two network isolation modes:
  • Standard whitelist

    IP addresses from both the classic network and virtual private clouds (VPCs) can be added to the same IP address whitelist. The standard whitelist mode is less secure than the enhanced whitelist mode. We recommend that you switch to the enhanced whitelist mode.

  • Enhanced whitelist

    IP addresses from the classic network and VPCs must be added to different IP address whitelists. When you create an IP address whitelist, you must specify its network type.

Changes incurred

If the RDS instance resides in a VPC, an IP address whitelist of the VPC network type is created. The new IP address whitelist contains all the IP addresses from the original IP address whitelists.

Note After you switch to the enhanced whitelist mode, the configured ECS security groups remain unchanged.

Precautions

  • After you switch the network isolation mode of your RDS instance to the enhanced whitelist mode, you cannot roll the instance back to the standard whitelist mode.
  • In enhanced whitelist mode, an IP address whitelist of the classic network type can also be used to allow access over the Internet. If you want to access your RDS instance from an on-premises host over the Internet, you must add the public IP address of the host to an IP address whitelist of the classic network type.

Procedure

  1. Visit the RDS instance list, select a region above, and click the target instance ID.
  2. In the left-side navigation pane, click Data Security.
  3. On the Whitelist Settings tab, click Switch to Enhanced Whitelist (Recommended).
    Switch the network isolation mode to the enhanced whitelist mode
  4. In the dialog box that appears, click Confirm.