Before connecting a client to your Tair (Redis-compatible) instance, complete two steps in order: establish network connectivity, then configure an IP whitelist.
Establish network connectivity
Select a network type based on where your client runs.
| Client location | Recommended network type | Notes |
|---|---|---|
| ECS or ACK (Container Service for Kubernetes) | Virtual Private Cloud (VPC) | Clients and instances in the same VPC connect by default. If they are in different VPCs, change the VPC or use VPC peering. |
| On-premises client | Internet | Configure the whitelist first, then apply for a public endpoint. |
| On-premises data center (IDC) | Express Connect | Connect your IDC to the instance through an Express Connect circuit. |
For network planning guidance, see Plan network connectivity.
Check whether your client and instance share a VPC
If your client runs on ECS or ACK, verify that both are in the same VPC before proceeding.
In the ECS or ACK console, click the instance ID to open its details page. Find the VPC in the Network section.
In the Tair and Redis console, click the instance ID to open its details page. Find the VPC in the Basic Information section.
Compare the two VPC values. If they match, proceed to Configure an IP whitelist.
Resolve VPC mismatches
If the client and instance are in different VPCs:
Same region: Change the VPC of the ECS instance or change the VPC of the Tair instance so both are in the same VPC.
Cross-account or cross-region: Set up VPC peering connections.
Configure an IP whitelist
Only IP addresses on the whitelist can access the instance. Add your client's IP based on its location.
Navigate to whitelist settings
Log on to the console and go to the Instances page. In the top navigation bar, select the region where your instance resides, then click the instance ID.
In the left-side navigation pane, click Whitelist Settings.
Add IPs for ECS clients
In the row containing the default security group, click Modify.
Set Method to Add IP Address to Import ECS Private IP Address. The page shows private IP addresses of ECS instances in the same region.
> Tip: Hover over an IP address to see the ECS instance ID and name.
Select the required IP addresses and move them to the box on the right.
Click OK.
Add IPs for ACK clients
Next to the Whitelist Setting tab, click the Security Groups tab.
Click Add Security Group. In the dialog that appears, select the security group for your ACK cluster and move it to the box on the right.
> Tip: To find the ACK security group name, go to Cluster Information > Basic Information > Network and look up the Control Plane Security Group.
Click OK.
Add IPs for on-premises clients
Run the following command on your client device to get its public IP address:
curl ifconfig.me
In the row containing the default security group, click Modify. Add the public IP address.
Click OK.
For internet access, configure the whitelist first, then apply for a public endpoint in the Connection Information section on the instance details page.
Handle dynamic IP addresses
If your client IP changes over time, use one of the following approaches:
ECS in an auto scaling group: Use the auto-add/remove private IPs feature to keep the whitelist in sync automatically.
Fixed IP range: Add the entire range using CIDR notation. For example, 10.23.12.0/24 covers addresses from 10.23.12.0 to 10.23.12.255.
Unpredictable IP range: Use a script that monitors for IP changes and calls the ModifySecurityIps API operation to update the whitelist.
For more information, see Set an IP whitelist.
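Before a monitoring script pushes a changed client IP to the whitelist, it is worth checking whether an existing CIDR entry already covers that IP and whether any entry is wider than intended. The following Python is an added example, not part of the original documentation; the function names, the /24 review threshold, and the sample addresses are assumptions, and the ModifySecurityIps call itself is not shown.

```python
import ipaddress

# Assumption: non-private IPv4 ranges wider than this prefix are flagged for review.
MIN_PUBLIC_PREFIX = 24
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(net):
    """True if the network lies entirely inside private IPv4 space."""
    return net.version == 4 and any(net.subnet_of(p) for p in RFC1918)

def audit_whitelist(entries, client_ip):
    """Check one client IP against whitelist entries (IPs or CIDR ranges).

    Returns (covered_by, to_add, warnings).
    """
    ip = ipaddress.ip_address(client_ip)
    covered_by, warnings = [], []
    for entry in entries:
        try:
            net = ipaddress.ip_network(entry.strip(), strict=False)
        except ValueError:
            warnings.append(f"{entry}: not a valid IP or CIDR")
            continue
        if net.prefixlen == 0:
            warnings.append(f"{entry}: allows every address")
        elif (net.version == 4 and not is_rfc1918(net)
              and net.prefixlen < MIN_PUBLIC_PREFIX):
            warnings.append(f"{entry}: public range wider than /{MIN_PUBLIC_PREFIX}")
        if ip.version == net.version and ip in net:
            covered_by.append(entry)
    # Add only the single address, never a wider range, when nothing covers it.
    to_add = [] if covered_by else [str(ip)]
    return covered_by, to_add, warnings

if __name__ == "__main__":
    # Constructed sample data; 10.23.12.0/24 is the range used on this page.
    whitelist = ["10.23.12.0/24", "198.51.100.0/22"]
    for client in ("10.23.12.77", "203.0.113.45"):
        print(client, audit_whitelist(whitelist, client))
```

An empty `to_add` means the script has nothing to send; any warnings are entries to review before they stay on the whitelist.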
What's next
Connect to your instance using one of the following methods: