All Products
Search

This Product

    ApsaraDB RDS:Connect a classic network-type ECS instance to a VPC-type ApsaraDB RDS for PostgreSQL instance

    Document Center

    ApsaraDB RDS:Connect a classic network-type ECS instance to a VPC-type ApsaraDB RDS for PostgreSQL instance

    Last Updated:Mar 04, 2024

    This topic describes how to establish a ClassicLink connection to connect a classic network-type Elastic Compute Service (ECS) instance to an ApsaraDB RDS for PostgreSQL instance that resides in a virtual private cloud (VPC).

    Background information

    ApsaraDB RDS for PostgreSQL instances that use standard SSDs or enhanced SSDs (ESSDs) no longer support the classic network. We recommend that you use the VPC network type that is more secure compared with the classic network. If your ECS instance resides in the classic network, we recommend that you migrate your ECS instance to the same VPC as your RDS instance. This way, the instances can communicate over an internal network. If you do not want to migrate your classic network-type ECS instance, you can connect the classic network-type ECS instance to your VPC-type RDS instance by using the method that is described in this topic. For more information, see Migrate an ECS instance from the classic network to a VPC (new version).

    Prerequisites

    • The ECS instance resides in the classic network.

    • The RDS instance resides in a VPC.

    • The ECS instance and the RDS instance reside in the same region.

    • The private IP address of the ECS instance is added to an IP address whitelist of the RDS instance. For more information, see Configure an IP address whitelist.

    Procedure

    1. Enable ClassicLink for the VPC in which the RDS instance resides.

      1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.

      2. In the left-side navigation pane, click Database Connection.

      3. Click the VPC ID to the right of Network Type to go to the VPC console. VPCID

      4. In the upper-right corner of the page that appears, click Enable ClassicLink. Enable ClassicLink

      5. In the message that appears, click OK.

    2. Configure a security group rule for ClassicLink for the ECS instance.

      1. Log on to the ECS console.

      2. In the left-side navigation pane, choose Instances & Images > Instances. In the top navigation bar, select a region.

      3. Find the classic network-type ECS instance. Then, click the More icon icon and choose Network and Security Group > Set classic link in the Actions column.

      4. In the dialog box that appears, configure the VPC parameter and click Confirm. Select a VPC

      5. Click Go to the instance security group list and add ClassicLink rules. Go to the instance security group list and add ClassicLink rules

      6. On the details page of your ECS instance, choose Security Groups > Security Groups. Find the required security group and click the ID of the security group. Security group ID

      7. In the upper-right corner, click Add ClassicLink Rule and configure the following parameters. Configure a security group rule for ClassicLink

        Parameter

        Description

        Classic Security Group

        The name of the security group for the classic network. You do not need to configure this parameter.

        Select VPC

        The VPC in which your want to add the rule.

        VPC-type Security Groups

        The security groups that you want to connect in the VPC. In this example, random security groups are selected.

        Mode

        The authorization method. In this example, Classic <=> VPC is selected.

        • Classic <=> VPC: This mode allows resources in the classic network and VPCs to access each other. We recommend that you select this mode.

        • Classic Network => VPCs: This mode allows only resources in the classic network to access resources in VPCs.

        • VPCs => Classic Network: This mode allows only resources in VPCs to access resources in the classic network.

        Protocol Type

        The protocol that is used in communication. In the example, Custom TCP is automatically selected. You do not need to change the value.

        Port Range

        The port range that is in the xx/xx format. For example, if you want to authorize port 5432 for communication., enter 5432/5432.

        Priority

        The priority of the rule. A smaller value specifies a higher priority. Example: 1.

        Description

        The description of the rule.

      8. Click OK.

    3. Connect to the ECS instance and run the following command to connect the ECS instance to the RDS instance by using the internal endpoint: 

      psql -h <Internal endpoint of the RDS instance> -U <Username of the RDS instance> -p <Port number> -d <Database name>
      Note

      Before you run the command, make sure that the PostgreSQL client is installed on the ECS instance and an account is created on the RDS instance. For more information about how to connect to an RDS instance, see Connect to an ApsaraDB RDS for PostgreSQL instance.