All Products
Search
Document Center

ApsaraDB RDS:Apply for or release a public endpoint

Last Updated:Jun 03, 2026

ApsaraDB RDS for SQL Server provides an internal endpoint by default for connections from Elastic Compute Service (ECS) instances within the same virtual private cloud (VPC). To connect from outside the VPC, from a different region, or from an on-premises device, apply for a public endpoint.

Internal and public endpoints

Endpoint type

How it works

Internal endpoint

Provided by default. Enables communication between an ECS instance and an RDS instance in the same VPC over an internal network, delivering high security and optimal performance. You cannot release the internal endpoint, but you can change the network type. For more information, see FAQ about network types.

Public endpoint

Not provided by default. Apply for a public endpoint to enable Internet-based connections, and release it when no longer needed.

Use a public endpoint in the following scenarios:

  • Connect from an ECS instance in a different region or with a different network type from the RDS instance. For more information, see Network types.

  • Connect from a device outside Alibaba Cloud.

Important

A public endpoint exposes your RDS instance to the Internet. For faster connections and better security, deploy your application on an ECS instance in the same region and VPC as the RDS instance, and connect through the internal endpoint instead.

Limitations

If forceful SSL encryption is enabled for the internal endpoint, you cannot apply for a public endpoint. For more information, see Configure the SSL encryption feature.

To resolve this, set the Forceful Encryption parameter to No for the internal or public endpoint based on your business requirements. For more information, see Configure the SSL encryption feature.

Billing

Applying for a public endpoint is free. Inbound and outbound Internet traffic through the public endpoint is also free. No bandwidth limits are imposed, though actual bandwidth depends on instance performance and the network environment.

Apply for a public endpoint

  1. Go to the Instances page. In the top navigation bar, select the region where the RDS instance resides. Find the RDS instance and click its instance ID.

  2. In the left-side navigation pane, click Database Connection.

  3. Click Apply for Public Endpoint.

  4. In the dialog, configure the whitelist option and click OK. The Add 0.0.0.0/0 to Whitelist option is selected by default, which allows all IP addresses to connect over the Internet. For security, clear this option and add only the specific IP addresses of your clients after the public endpoint is active.

Connect over the Internet

Before connecting, complete the following steps:

  1. Add the public IP address of your client or device to an IP address whitelist of the RDS instance. Connections from addresses not on the whitelist are blocked.

  2. Connect to the RDS instance using SQL Server Management Studio (SSMS) or Data Management (DMS).

Release a public endpoint

Release the public endpoint when Internet-based access is no longer needed.

  1. Go to the Instances page. In the top navigation bar, select the region where the RDS instance resides. Find the RDS instance and click its instance ID.

  2. In the left-side navigation pane, click Database Connection.

  3. Click Release Public Endpoint.

  4. In the message that appears, click OK.

Important

After the public endpoint is released, clients can no longer connect to the RDS instance using the released public endpoint.

FAQ

Am I charged for a public endpoint? Are there bandwidth limits?

No. Applying for a public endpoint is free, and no fees are charged for inbound or outbound Internet traffic. No bandwidth limits are imposed, though actual bandwidth depends on instance performance and the network environment.

API reference