All Products
Search
Document Center

ApsaraDB RDS:Apply for a public endpoint for an ApsaraDB RDS for PostgreSQL instance

Last Updated:May 27, 2026

ApsaraDB RDS for PostgreSQL provides an internal endpoint by default, which only allows connections from Elastic Compute Service (ECS) instances in the same virtual private cloud (VPC). To connect from outside the VPC or from outside Alibaba Cloud, apply for a public endpoint.

Internal endpoint compared with public endpoint

Endpoint type

Default

Can be released

When to use

Internal endpoint

Yes

No. The network type can be changed.

Your ECS instance and the RDS instance are in the same VPC. Use this for production workloads—it offers better security and lower latency.

Public endpoint

No. Must be applied for manually.

Yes

Your client or application is in a different VPC, on a different cloud, or on your local machine. Typical use cases include cross-VPC application access, local development, and testing.

Important

Applying for a public endpoint and the traffic it generates are free of charge. However, a public endpoint exposes the RDS instance to the Internet and reduces data security. For better performance and security, migrate your application to an ECS instance in the same region with the same network type as the RDS instance, and connect through the internal endpoint.

Prerequisites

Before you begin, ensure that you have:

  • An ApsaraDB RDS for PostgreSQL instance

  • The instance ID and region

Apply for a public endpoint

  1. Go to the Instances page. In the top navigation bar, select the region of the RDS instance. Find the instance and click its ID.

  2. In the left-side navigation pane, click Database Connection.

  3. Click Apply for Public Endpoint.

    Warning

    By default, Add 0.0.0.0/0 to the whitelist is selected. This CIDR block allows all IP addresses to access the RDS instance. Use this setting only for connectivity tests. Do not keep 0.0.0.0/0 in a whitelist for production workloads.

  4. In the confirmation message, click OK.

Release a public endpoint

  1. Go to the Instances page. In the top navigation bar, select the region of the RDS instance. Find the instance and click its ID.

  2. In the left-side navigation pane, click Database Connection.

  3. Click Disable Public Endpoint.

  4. In the confirmation message, click OK.

API operations

Operation

Description

AllocateInstancePublicConnection

Applies for a public endpoint for an instance.

ReleaseInstancePublicConnection

Releases the public endpoint of an instance.

Next steps

After the public endpoint is ready, complete the following steps: