Problem description
After you add the public IP address of the on-premises device to the RDS whitelist, you cannot access the RDS instance. Other devices can access the RDS instance. After you set the RDS whitelist to the network segment or 0.0.0.0/0
of the company, the local device can also access the RDS instance.
Cause
The public IP address of the local device added to the whitelist is incorrect.
Solution
Take note of the following items:
Before you perform high-risk operations such as modifying the specifications or data of an Alibaba Cloud instance, we recommend that you check the disaster recovery and fault tolerance capabilities of the instance to ensure data security.
Before you modify the specifications or data of an Alibaba Cloud instance, such as an Elastic Compute Service (ECS) instance or an ApsaraDB RDS instance, we recommend that you create snapshots or enable backups for the instance. For example, you can enable log backups for an ApsaraDB RDS instance.
If you have granted specific users the permissions on sensitive information, such as usernames and passwords, or submitted sensitive information in the Alibaba Cloud Management Console, we recommend that you modify the sensitive information at the earliest opportunity.
The solution that is provided in this topic applies only when the local server is not an Alibaba Cloud Elastic Compute Service (ECS) instance. If the local server is an ECS instance, you can view the public and private IP addresses of the ECS instance in the ECS console.
Add
0.0.0.0/0
route entries to the whitelist of RDS for PostgreSQL. For more information, see Configure a whitelist.Use the pgAdmin4 client to connect to the RDS PostgreSQL instance.
Click Database, select postgres, and choose Tools > Query Tool in the upper part of the page.
Execute the following SQL statement to check that the value in the query column in the displayed result is the IP address of the client_addr column corresponding to the SELECT, which is the public IP address of the local device.
select datname, pid, usename,client_addr, client_hostname, client_port,query from pg_stat_activity;
If an output similar to the following one is displayed, Python is installed.
Delete the
0.0.0.0/0
route entry added in the whitelist in step 1 and add the real public IP address.
Additional information
If the public IP address of your on-premises device changes and the established connection is used in the production environment, we recommend that you use an internal network connection instead, or configure a reasonable public IP address segment in the whitelist to ensure that the connection will not be disconnected due to the change of IP address.
Ideal For
ApsaraDB RDS for PostgreSQL