All Products
Search
Document Center

ApsaraDB RDS:Apply for or release a public endpoint

Last Updated:Jul 12, 2025

ApsaraDB RDS supports two types of endpoints: internal endpoints and public endpoints. By default, you are provided with an internal endpoint to connect to your ApsaraDB RDS instance. If you want to connect to your instance over the Internet, you must apply for a public endpoint.

For more information about how to apply for or release public endpoints for RDS instances that run other database engines, see the following topics:

Internal and public endpoints

Address Type

Description

Internal endpoint

  • By default, an internal endpoint is provided. You do not need to apply for the internal endpoint. In addition, you cannot release the internal endpoint. However, you can change the network type.

  • If your application is deployed on an ECS instance that resides in the same region and has the same network type as the RDS instance, the ECS instance can communicate with the RDS instance over the internal network. In this case, you do not need to apply for a public endpoint.

  • For security and performance purposes, we recommend that you connect to your RDS instance using the internal endpoint.

Public endpoint

  • You must manually apply for a public endpoint for your RDS instance. You can release the public endpoint if it is no longer needed.

  • If you cannot connect to your RDS instance using the internal endpoint, you must apply for a public endpoint. You must apply for a public endpoint in the following scenarios:

    • You want to connect to your RDS instance from an ECS instance that resides in a different region or has a different network type from the RDS instance.

    • You want to access an ApsaraDB RDS instance from a device outside Alibaba Cloud.

Important
  • Currently, you are not charged for applying for a public endpoint or for the Internet traffic that is generated.

  • If you use a public endpoint to access an ApsaraDB RDS instance, the security of the instance is compromised. Proceed with caution.

  • For faster transmission and higher security, we recommend that you migrate your application to an ECS instance that resides in the same region and has the same network type as the RDS instance. This way, you can connect to the RDS instance using the internal endpoint of the RDS instance.

Considerations

  • After you release a public endpoint and apply for a new one, the new public endpoint is different from the released one. You must update the connection configurations on your business side with the new public endpoint to ensure normal service operation.

  • If you have enabled Secure Sockets Layer (SSL) encryption for the public endpoint of your instance, you must disable SSL before you release the public endpoint. Disabling SSL encryption restarts your instance. We recommend that you perform this operation during off-peak hours.

Apply for or release a public endpoint

  1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.

  2. In the navigation pane on the left, click Database Connection.

    Note

    For instances of Cluster Edition, you can also apply for or release a public endpoint on the instance topology graph on the Basic Information page of the instance.

  3. Apply for or release a public endpoint:

    • To apply for a public endpoint, click Apply For Public Endpoint.

    • To release an existing public endpoint, click Release Public Endpoint.

  4. In the dialog box that appears, click OK.

    Warning

    Adding 0.0.0.0/0 to the whitelist poses a security risk. After testing is complete, please reconfigure the whitelist.

    To use a public connection, you can use curl ipinfo.io/ip to query your local client's public IP address, and add it to the RDS whitelist.

FAQ

  • Am I charged for the use of a public endpoint?

    Currently, you are not charged for the Internet traffic of your instance, including both inbound and outbound traffic. There is currently no bandwidth limit.

  • Can I configure the endpoints of my RDS instances to static IP addresses?

    No, you cannot configure the endpoints of your RDS instance to static IP addresses. Primary/secondary failover or configuration changes may cause IP address changes. We recommend that you use connection addresses to reduce the impact on your business.

Related operations