Change the network type of an ApsaraDB RDS for PostgreSQL instance - ApsaraDB RDS

This topic describes how to change the network type of an ApsaraDB RDS for PostgreSQL instance based on your business requirements.

Network types

Classic network: RDS instances in the classic network are not isolated. To block unauthorized access to these instances, you must configure IP address whitelists or security groups.
Virtual private cloud (VPC): Each VPC is an isolated virtual network. VPCs are more secure than the classic network. We recommend that you select the VPC network type.
You can configure route tables, CIDR blocks, and gateways in a VPC. In addition, you can connect your data center to a VPC by using Express Connect circuits or VPNs. The data center and the VPC comprise a virtual data center. You can use the virtual data center to migrate your workloads to the cloud with no downtime.

Note

You can select the classic or VPC network type and switch your RDS instance between these network types free of charge.
Before you change the network type, you must enable the enhanced whitelist mode for your RDS instance. For more information, see Switch an ApsaraDB RDS for PostgreSQL instance to the enhanced whitelist mode.

View the network type

Access RDS Instances, select a region at the top, and then click the ID of the target RDS instance.
In the left-side navigation pane, click Database Connection. On the page that appears, view the network type of the RDS instance.

Change the network type from classic network to VPC

Note Your RDS instance resides in the classic network.

Access RDS Instances, select a region at the top, and then click the ID of the target RDS instance.
In the left-side navigation pane, click Database Connection.
Click Switch to other VPC.

In the Switch to VPC dialog box, select a VPC and a vSwitch and specify whether to retain the classic network endpoint.

Select a VPC. We recommend that you select the VPC where the Elastic Compute Service (ECS) instance that you want to connect resides. If the ECS instance and the RDS instance reside in different VPCs, these instances cannot communicate over an internal network unless you use Cloud Enterprise Network (CEN) or VPN Gateway to enable network communication between the VPCs of these instances. For more information, see Overview of Alibaba Cloud CEN or Establish IPsec-VPN connections between two VPCs.
Select a vSwitch. If no vSwitches are available in the selected VPC, create a vSwitch in the zone in which the RDS instance resides. For more information, see Create a vSwitch.

Clear or select Reserve original classic endpoint.


Operation	Description
Clear Reserve original classic endpoint	The classic network endpoint is not retained and changes to a VPC endpoint. When you change the network type from classic network to VPC, a transient connection that lasts approximately 30 seconds occurs and ECS instances that reside in the classic network are immediately disconnected from your RDS instance.
Select Reserve original classic endpoint	The classic network endpoint is retained, and a new VPC endpoint is generated. In this case, the RDS instance runs in hybrid access mode. Classic network-hosted ECS instances and VPC-hosted ECS instances can connect to the RDS instance over an internal network. For more information, see Configure the hybrid access solution for an ApsaraDB RDS for PostgreSQL instance. When you change the network type from classic network to VPC, no transient connection occurs. The connection between each classic network-hosted ECS instance and the RDS instance remains available until the classic network endpoint expires. Before the classic network endpoint expires, add the VPC endpoint to your application that runs on a VPC-hosted ECS instance. This allows ApsaraDB RDS to migrate your workloads to the selected VPC with no downtime. ApsaraDB RDS sends a text message to the mobile number that is bound to your Alibaba Cloud account every day within seven days before the classic network endpoint expires. For more information, see Configure the hybrid access solution for an ApsaraDB RDS for PostgreSQL instance.

Add the private IP address of the required VPC-hosted ECS instance to an IP address whitelist of the VPC network type on the RDS instance. This way, the ECS instance can access the RDS instance over an internal network. If no IP address whitelists of the VPC network type are available, create one.
Add the VPC endpoint of the RDS instance to the required VPC-hosted ECS instance.
- If you selected Reserve original classic endpoint, you must add the VPC endpoint to your application that runs on the required VPC-hosted ECS instance before the classic network endpoint expires.
- If you cleared Reserve original classic endpoint, the connection between each classic network-hosted ECS instance and the RDS instance over an internal network is immediately closed after the network type is changed. You must add the VPC endpoint of the RDS instance to your application that runs on the required VPC-hosted ECS instance.
Note
If the RDS instance resides in a VPC and you want to connect a classic network-hosted ECS instance to the RDS instance over an internal network, you can use ClassicLink to establish a connection. Alternatively, you can migrate the ECS instance to the same VPC as the RDS instance. For more information, see Overview.

Change the VPC of an instance

You cannot directly change the VPC of an RDS instance. You can change the vSwitch of the RDS instance.

If you want to change the VPC, you must purchase a new RDS instance that resides in the required VPC and then migrate the data of the original RDS instance to the new RDS instance.
If you want to change the vSwitch, see Switch an ApsaraDB RDS for PostgreSQL instance to a different vSwitch.

Related operations


Operation	Description
ModifyDBInstanceNetworkType	Changes the network type of an ApsaraDB RDS instance.