Internet and Intranet connection between ECS and RDS and its confirmation methods

Last Updated: Jun 16, 2022

Introduction

This article describes how to connect an ECS instance to ApsaraDB for RDS over the public network and over the internal network, and how to confirm that the connection conditions are met.

Background

Alibaba Cloud reminds you that:

  • Before you perform operations that may cause risks, such as modifying instance configurations or data, we recommend that you check the disaster recovery and fault tolerance capabilities of the instances to ensure data security.
  • If you modify the configuration and data of an instance (including but not limited to ECS and RDS), we recommend that you create snapshots or enable RDS log backup.
  • If you have authorized or submitted sensitive information such as the logon account and password in the Alibaba Cloud Management Console, we recommend that you modify such information in a timely manner.

The conditions for ECS to connect to an RDS instance are as follows:

  • Public network connection:
    • RDS has a public endpoint.
    • The public IP address of the local computer is added to the whitelist of the RDS instance.
  • Intranet connection:
    • The ECS and RDS instances reside in the same region.
    • The ECS and RDS instances must use the same network type. For example, if the ECS instance is in a VPC, the RDS instance must be in the same VPC.
    • The internal IP address of the ECS instance is added to the whitelist of the RDS instance.

Verify region and network type

  1. Log on to the ECS console, select Instances, and on the Instances page, view the region and network type of the instance.
  2. Log on to the RDS console. On the Instances page, obtain the region and network type of the instance.
  3. Make sure that the ECS instance and the ApsaraDB for RDS instance reside in the same region and have the same network type.
    Note:
    • If the RDS instance has already been created in another region, you can purchase an instance again in the same region as the source instance. If your RDS instance has data, purchase a new ApsaraDB for RDS instance in the same region as the original RDS instance, migrate the data to the new instance, and then request a refund for the earlier RDS instance.
    • If the network types are different, you can switch the RDS instance to the same network type as the ECS instance. For more information, see switch network types.
    • If the RDS instance and the ECS instance are in different VPCs, we recommend that you switch the RDS instance to the classic network first, and then to the VPC. If no vSwitch is available in the region where the RDS instance is located when you switch to the VPC, create a vSwitch in the VPC and then switch the RDS instance to the same VPC as your ECS instance. The vSwitch is valid only in the region.

Verify the RDS whitelist

  1. Make sure that the IP address of the ECS instance has been added to the whitelist of the ApsaraDB for RDS instance. For more information, see configure whitelists.
  2. If you have enabled the enhanced whitelist mode, you need to select the corresponding network isolation mode.
    • If the network type is classic network, select classic network and Internet addresses.
    • If the network is a VPC and the IP address is an external IP address, select classic network and public IP address.
    • If the network type is VPC and the IP address is internal, you must select VPC.
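
The whitelist and isolation-mode checks above can be rehearsed offline before you change the instance. The following Python sketch is an added example, not Alibaba Cloud code: it assumes the whitelist is a comma-separated list of IP addresses or CIDR blocks, treats RFC 1918 addresses as internal, and runs on constructed sample values.

```python
import ipaddress

# Assumption: "internal" means an RFC 1918 address.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def isolation_mode(network_type, client_ip):
    """Return the isolation mode named in step 2 for this client."""
    ip = ipaddress.ip_address(client_ip)
    internal = any(ip.version == n.version and ip in n for n in RFC1918)
    if network_type == "classic":
        return "classic network and Internet addresses"
    if network_type == "vpc":
        return "VPC" if internal else "classic network and public IP address"
    raise ValueError(f"unknown network type: {network_type!r}")


def whitelist_check(entries, client_ip):
    """Return (matching entries, warnings) for a comma-separated whitelist."""
    ip = ipaddress.ip_address(client_ip)
    matches, warnings = [], []
    for raw in entries.split(","):
        entry = raw.strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            warnings.append(f"unparseable entry: {entry}")
            continue
        if net.prefixlen == 0:
            # A /0 entry admits every address, so the whitelist filters nothing.
            warnings.append(f"entry {entry} allows all addresses")
        if ip.version == net.version and ip in net:
            matches.append(entry)
    return matches, warnings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real instance.
    whitelist = "192.168.0.0/24, 198.51.100.20"
    for net_type, ip in (("vpc", "192.168.0.15"), ("vpc", "198.51.100.21")):
        matches, warnings = whitelist_check(whitelist, ip)
        print(ip, isolation_mode(net_type, ip), matches or "NOT WHITELISTED", warnings)
```

An empty match list means the client address is not covered by any entry. A warning about a /0 entry means the whitelist no longer restricts access and should be narrowed to the ECS address.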

References

  • If ECS instances in both a classic network and a VPC need to access the RDS instance over the internal network, you can switch the RDS instance to the hybrid access mode. For more information, see configure hybrid access mode.
  • If your ECS and RDS instances do not belong to the same region or the same account, you must use Express Connect to connect them through the internal network.
    • For more information about how to connect multiple VPCs under the same account, see connect VPCs under the same account.
    • For more information about how to connect different VPCs under different accounts, see connect VPCs under different accounts.

Application scope

  • ApsaraDB RDS instance