ApsaraDB RDS:Connect to an ApsaraDB RDS instance

Public connection

A public connection allows you to access your ApsaraDB RDS instance by using its public endpoint. By default, ApsaraDB RDS instances are not assigned a public endpoint. To connect over the internet, you must first request a public endpoint.

After you obtain a public endpoint, you can use it to connect to your ApsaraDB RDS instance. For detailed instructions, see the References section at the end of this topic.

Internal connection

An internal connection allows you to access your ApsaraDB RDS instance by using its internal endpoint. To find the internal endpoint, see View and manage instance endpoints and ports.

Prerequisites

In most cases, only ECS instances and Data Management (DMS) can access an ApsaraDB RDS instance over an internal network. To access ApsaraDB RDS from an on-premises data center, you must use Cloud Enterprise Network (CEN).

To connect from an ECS instance to an ApsaraDB RDS instance over an internal network, all of the following conditions must be met:

• The ECS instance and the ApsaraDB RDS instance use the same network type.

  We recommend that you use a virtual private cloud (VPC) for internal communication. If your instance is in a classic network, which is being phased out (see the announcement), we recommend switching to a virtual private cloud (VPC).

• The private IP address of the ECS instance must be in the ApsaraDB RDS whitelist. For more information, see Configure a whitelist.

• If both the ECS and ApsaraDB RDS instances use the virtual private cloud (VPC) network type, they must be in the same VPC, in the same region, and under the same Alibaba Cloud account.

  Note

  If the ECS and ApsaraDB RDS instances are in different regions or belong to different Alibaba Cloud accounts, you can use one of the following methods to establish a connection.

  • Use a VPC peering connection to enable private communication between two VPCs in the same or different accounts and regions. VPC peering connections within the same region are free of charge.

  • Use Cloud Enterprise Network (CEN) to enable private connectivity. Based on your scenario, see Connect VPCs in the same region, Connect VPCs across different regions, or Connect VPCs across accounts.

Once these conditions are met, you can use the ApsaraDB RDS internal endpoint to connect. For detailed connection steps, see References.

FAQ

• Q: How can I prevent public access to my ApsaraDB RDS instance?

  A: Configure the whitelist for your ApsaraDB RDS instance to allow only private IP addresses. Alternatively, you can release the public endpoint.

• Q: Why can't I switch my instance's network type to classic network?

  A: Some instances support only the virtual private cloud (VPC) network type and cannot be switched to the classic network. For more information, see Change the network type.

• Q: I could connect to my instance, but the connection now fails even though my public IP address is in the whitelist. Why?

  A: This can happen if your public IP address has changed. Verify that your client's public IP address is still in the whitelist.

• Q: How do I find the public IP address of an ApsaraDB RDS instance?

  A: Copy the public endpoint of the ApsaraDB RDS instance, and ping it from your local Windows or Linux system to obtain the public IP address.

• Q: How do I determine the range of public IP addresses?

  A: Public IP addresses change dynamically. The exact IP address range is unpredictable.

• Q: If I enable a public endpoint for my instance, will my internal connection be affected?

  A: No. Public and internal networks are two different network types.

• Q: When I log in to my ApsaraDB RDS instance using Data Management (DMS), why can't I find the target database?

  A: The database list may not appear because the metadata has not been synchronized. After you log in, hover over the instance and click the refresh button next to its name. This action refreshes the database list.

• Q: Is there a charge for connecting to an ApsaraDB RDS instance from an ECS instance over a virtual private cloud (VPC)?

  A: Data transfer between an ECS instance and an ApsaraDB RDS instance within the same VPC does not incur additional traffic charges.

• Q: How do I connect to the host of an ApsaraDB RDS instance?

  A: ApsaraDB RDS does not support connecting to the underlying host over SSH or RDP. You must use the database endpoint to access the instance.

• Q: Why is the connection from an ECS instance to an ApsaraDB RDS instance over the internal network slow to establish, and how can I troubleshoot this issue?

  A: You can investigate the following two aspects:

  • Short-lived connections require a TCP three-way handshake and database authentication for each connection, which introduces significant overhead. To reduce this overhead, replace short-lived connections with a connection pool or persistent connections.

  • Verify whether the ECS instance and the ApsaraDB RDS instance are in the same availability zone. Cross-zone connections increase network latency.

References

• Connect to an ApsaraDB RDS for MySQL instance

• Connect to an ApsaraDB RDS for SQL Server instance

• Connect to an ApsaraDB RDS for PostgreSQL instance

• Connect to an ApsaraDB RDS for MariaDB instance