ApsaraDB RDS:Change the network type

Network types

Prerequisites

Before you begin, ensure that you have:

• Enabled the enhanced whitelist mode for your RDS instance. See Change the whitelist mode to the enhanced whitelist mode.

Switching between the classic network and VPC is free of charge.

Usage notes

For read-only instances: Migrate the primary instance to a VPC before migrating any read-only instance.

• Premium Local SSDs: The read-only instance can connect to any VPC.

• Cloud disks: The read-only instance must use the same VPC as the primary instance.

View the current network type

1. Go to the Instances page. In the top navigation bar, select the region where your RDS instance resides, then click the instance ID.

2. In the left-side navigation pane, click Database Connection.

The network type is displayed on this page.

Switch from classic network to VPC

Your RDS instance must be in the classic network before you begin.

1. Go to the Instances page. Select the region where your RDS instance resides, then click the instance ID.

2. In the left-side navigation pane, click Database Connection.

3. Click Switch to VPC.

4. In the Switch to VPC dialog box, configure the following settings: Select a VPC. Choose the VPC where the Elastic Compute Service (ECS) instance you want to connect resides. If the ECS instance and the RDS instance are in different VPCs, they cannot communicate over an internal network unless you use Cloud Enterprise Network (CEN) or VPN Gateway. See Overview of Alibaba Cloud CEN and Establish IPsec-VPN connections between two VPCs (single-tunnel mode). Select a vSwitch. If no vSwitches exist in the selected VPC, create one in the zone where the RDS instance resides. See Create and manage vSwitches. Choose whether to retain the classic network endpoint. This setting controls whether existing classic network connections are cut immediately or kept alive during the transition.

   Option	Effect
   Clear Reserve original classic endpoint	The classic network endpoint is removed immediately. A transient connection interruption of approximately 30 seconds occurs. Classic network ECS instances are disconnected from the RDS instance right away.
   Select Reserve original classic endpoint	The classic network endpoint is retained and a new VPC endpoint is created. The instance enters hybrid access mode — both classic network and VPC ECS instances can access it over an internal network with no interruption. The classic network endpoint expires after a configured period. ApsaraDB RDS sends a daily SMS to the mobile number bound to your Alibaba Cloud account starting seven days before expiration. See Configure the hybrid access solution for an ApsaraDB RDS for PostgreSQL instance.

5. Add the private IP address of each VPC-type ECS instance that needs access to the VPC network type IP address whitelist on the RDS instance. If no whitelist of the VPC network type exists, create one.

6. Update your application with the VPC endpoint of the RDS instance.

   • If you selected Reserve original classic endpoint, add the VPC endpoint before the classic network endpoint expires.

   • If you cleared Reserve original classic endpoint, update the endpoint immediately — classic network connections are already closed.

To connect an ECS instance in a classic network to an RDS instance in a VPC over an internal network, you can use ClassicLink or switch the network type of the ECS instance to a VPC.

FAQ

After switching to VPC, can I still access the RDS instance through its public endpoint?

Yes. Switching to VPC only changes the internal endpoint. The public endpoint remains unchanged, so internet access is unaffected.

API reference