Apply for or release a public endpoint

ApsaraDB RDS supports two types of endpoints: internal endpoints and public endpoints. By default, you are provided with an internal endpoint that is used to connect to your ApsaraDB RDS for SQL Server instance. If you want to connect to your RDS instance over the Internet, you must apply for a public endpoint.

Internal and public endpoints

Endpoint type	Description
Internal endpoint	By default, an internal endpoint is provided. You do not need to apply for the internal endpoint. You cannot release the internal endpoint. However, you can change the network type. If the Elastic Compute Service (ECS) instance on which your application is deployed resides in the same region and has the same network type as your RDS instance, these instances can communicate over an internal network, and you do not need to apply for a public endpoint. For more information, see Change the network type of an ApsaraDB RDS for MySQL instance. For security and performance purposes, we recommend that you connect to your RDS instance by using the internal endpoint.
Public endpoint	You must manually apply for a public endpoint for your RDS instance. You can release the public endpoint if it is no longer needed. If you cannot connect to your RDS instance by using the internal endpoint, you must apply for a public endpoint. You may need to apply for a public endpoint in the following scenarios: Connect to your RDS instance from an ECS instance that resides in a different region or has a different network type than your RDS instance. For more information, see Change the network type of an ApsaraDB RDS for MySQL instance. Connect to your RDS instance from a device outside Alibaba Cloud. Important You are not charged for applying for a public endpoint. You are also not charged for the traffic that is generated after you use the public endpoint to connect to your RDS instance over the Internet. If you use a public endpoint to connect to an RDS instance, data security is compromised. Proceed with caution. For faster transmission and higher security, we recommend that you migrate your application to an ECS instance that resides in the same region and has the same network type as the RDS instance. This way, you can connect to the RDS instance by using the internal endpoint.

Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
In the left-side navigation pane, click Database Connection.
Apply for or release a public endpoint.
- If you have not applied for a public endpoint, you can click Apply for Public Endpoint.
- If you have applied for a public endpoint, click Release Internet Address.
Warning
When you apply for a public endpoint, Add 0.0.0.0/0 to the whitelist is selected by default. The 0.0.0.0/0 CIDR block indicates that all IP addresses are allowed to access your RDS instance. We recommend that you add this CIDR block only for a connectivity test. When you run online workloads, do not add this CIDR block to an IP address whitelist.
In the message that appears, click OK.

Related operations

Operation	Description
Apply for a public endpoint	Applies for a public endpoint for an instance.
Release a public endpoint	Releases the public endpoint of an instance.