Tair allows you to enable password-free access for instances that are deployed in virtual private clouds (VPCs). This feature provides a secure and convenient method to connect to an instance. After password-free access is enabled for an instance located in a VPC, clients within the same VPC can access the instance without using passwords. Meanwhile, you can still use a username and a password to connect to the instance.

Precautions

  • After you enable password-free access for an instance, the default account is used to connect to the instance. The username of the default account is the same as the instance ID, such as r-bp1zxszhcgatnx****. The default account has read and write permissions on the instance.
  • For security concerns, if password-free access over a VPC is enabled for an instance and you use a public endpoint to connect to the instance, you still need to enter a password.
    Note If you cannot use a public endpoint to connect to the instance, update the instance to the latest minor version. For more information, see Update the minor version of an instance.
  • By default, the #no_loose_check-whitelist-always parameter of an instance is set to no. This way, after password-free access is enabled, clients within the same VPC can directly connect to the instance without the need to add the IP addresses of the clients to a whitelist of the instance. For more information, see Modify parameters of an instance.
    Note
    • If the (error) ERR illegal address error message is returned when you run commands on an instance that has password-free access enabled, the IP address of the client that you are using is not added to a whitelist of the instance.

      You can add the IP address to a whitelist of the instance. Alternatively, you can set #no_loose_check-whitelist-always to no. This way, the system does not check whether IP addresses are included in instance whitelists.

    • The #no_loose_check-whitelist-always parameter cannot be specified for instances that use cloud disks. For more information, see Supported parameters.

Procedure

  1. Log on to the Tair console and go to the Instances page. In the top navigation bar, select the region in which the instance that you want to manage is deployed. Then, find the instance and click its ID.
  2. In the upper-right corner of the Connection Information section, click Enable Password-free Access.
  3. In the panel that appears, read the prompt and click OK.
    After you refresh the page, the Enable Password-free Access button changes to Disable Password-free Access. You can click this button to disable password-free access.
    Note If password-free access is disabled for an instance, clients that use password-free access to connect to the instance can no longer access the instance. To allow these clients to connect to the instance after password-free access is disabled, you must configure the clients to use a username and a password for authentication.

Connection example

The following code provides an example on how to connect to an instance that has password-free access enabled:

redis-cli -h host -p port
// Example: redis -h r-bp10noxlhcoim2****.redis.rds.aliyuncs.com -p 6379 
JedisPoolConfig config = new JedisPoolConfig();
// Specify the maximum number of idle connections based on your business needs. The value cannot exceed the maximum number of connections supported by the instance. 
config.setMaxIdle(100);
// Specify the maximum number of connections based on your business needs. The value cannot exceed the maximum number of connections supported by the instance. 
config.setMaxTotal(200);
config.setTestOnBorrow(false);
config.setTestOnReturn(false);
// Replace the values of the host and port parameters with the endpoint and port number of the instance respectively. The password parameter is not required. 
String host = "r-bp10noxlhcoim2****.redis.rds.aliyuncs.com";
int port = 6379;
JedisPool pool = new JedisPool(config, host, port);
Jedis jedis = null;
try
{
    jedis = pool.getResource();
    /// ... do stuff here ... for example
    jedis.set("foo", "bar");
    System.out.println(jedis.get("foo"));
    jedis.zadd("sose", 0, "car");
    jedis.zadd("sose", 0, "bike");
    System.out.println(jedis.zrange("sose", 0, -1));
}
finally
{
    if(jedis != null)
    {
        // Close connections after each API operation is complete. To close a connection, release the connection to the connection pool instead of destroying the connection. 
        jedis.close();
    }
}
// Call only once when you exit. 
pool.destroy();
Note For information about how to obtain the endpoint of a Tair instance and the password of the instance account, see View endpoints and port numbers.

Related API operations

Operation Description
ModifyInstanceVpcAuthMode Enables or disables password-free access for an instance that is deployed in a VPC.