ApsaraDB RDS for PostgreSQL provides an internal endpoint by default, which only allows connections from Elastic Compute Service (ECS) instances in the same virtual private cloud (VPC). To connect from outside the VPC or from outside Alibaba Cloud, apply for a public endpoint.
Internal endpoint compared with public endpoint
|
Endpoint type |
Default |
Can be released |
When to use |
|
Internal endpoint |
Yes |
No. The network type can be changed. |
Your ECS instance and the RDS instance are in the same VPC. Use this for production workloads—it offers better security and lower latency. |
|
Public endpoint |
No. Must be applied for manually. |
Yes |
Your client or application is in a different VPC, on a different cloud, or on your local machine. Typical use cases include cross-VPC application access, local development, and testing. |
Applying for a public endpoint and the traffic it generates are free of charge. However, a public endpoint exposes the RDS instance to the Internet and reduces data security. For better performance and security, migrate your application to an ECS instance in the same region with the same network type as the RDS instance, and connect through the internal endpoint.
Prerequisites
Before you begin, ensure that you have:
An ApsaraDB RDS for PostgreSQL instance
The instance ID and region
Apply for a public endpoint
Go to the Instances page. In the top navigation bar, select the region of the RDS instance. Find the instance and click its ID.
In the left-side navigation pane, click Database Connection.
-
Click Apply for Public Endpoint.
WarningBy default, Add 0.0.0.0/0 to the whitelist is selected. This CIDR block allows all IP addresses to access the RDS instance. Use this setting only for connectivity tests. Do not keep 0.0.0.0/0 in a whitelist for production workloads.
In the confirmation message, click OK.
Release a public endpoint
Go to the Instances page. In the top navigation bar, select the region of the RDS instance. Find the instance and click its ID.
In the left-side navigation pane, click Database Connection.
Click Disable Public Endpoint.
In the confirmation message, click OK.
API operations
|
Operation |
Description |
|
Applies for a public endpoint for an instance. |
|
|
Releases the public endpoint of an instance. |
Next steps
After the public endpoint is ready, complete the following steps:
Add the public IP address of your client or application to an IP address whitelist to control which addresses can connect. See Configure an IP address whitelist.
Connect to the RDS instance through pgAdmin, the PostgreSQL CLI, or your application. See Connect to an ApsaraDB RDS for PostgreSQL instance.