All Products
Search
Document Center

ApsaraDB RDS:How do I connect to an ApsaraDB RDS instance?

Last Updated:Mar 19, 2024

This topic describes how to connect to an ApsaraDB RDS instance over the Internet or an internal network. We recommend that you establish a connection over an internal network to ensure data security and transmission efficiency.

Note

You can check the network type of the RDS instance and choose a connection method based on the network type of the RDS instance. For more information, see Use a client or the CLI to connect to an ApsaraDB RDS for MySQL instance.

Connect to an RDS instance over the Internet

If you want to connect to an RDS instance over the Internet, you must use the public endpoint of the RDS instance. By default, an RDS instance is not provided with a public endpoint. You must apply for a public endpoint for an RDS instance. For more information, see Apply for or release a public endpoint.

Note
  • If you use a public endpoint to connect to an RDS instance, data security is compromised. Proceed with caution.

  • For faster transmission and higher security, we recommend that you migrate your application to an Elastic Compute Service (ECS) instance that resides in the same region and has the same network type as the RDS instance. This way, you can connect to the RDS instance by using the internal endpoint of the RDS instance.

After you obtain a public endpoint, you can use the public endpoint to connect to the RDS instance. For more information, see the References section of this topic.

Connect to an RDS instance over an internal network

If you want to connect to an RDS instance over an internal network, you must use the internal endpoint of the RDS instance. For more information about how to view the internal endpoint of an RDS instance, see View and manage instance endpoints and ports.

Prerequisites

In most cases, you can connect to an RDS instance over an internal network only from an ECS instance. To connect to an RDS instance from an on-premises data center, you must use Cloud Enterprise Network (CEN) to enable communication between the data center and the RDS instance. For more information, see Use CEN to enable intra-region network communication.

If you want to connect an ECS instance to your RDS instance over an internal network, the following requirements must be met:

  • The ECS instance and the RDS instance reside in the same network type.

  • If the ECS instance and the RDS instance both reside in virtual private clouds (VPCs), these instances must reside in the same VPC.

  • The private IP address of the ECS instance is added to an IP address whitelist of the RDS instance. For more information, see Configure a whitelist.

Note

If the ECS instance and the RDS instance reside in different regions or are within different Alibaba Cloud accounts, you must use CEN to enable communication between the ECS instance and the RDS instance over an internal network. For more information, see Use Basic Edition transit routers to connect VPCs across regions.

If all the preceding requirements are met, you can use the internal endpoint of the RDS instance to connect the ECS instance to the RDS instance. For more information, see the References section of this topic.

FAQ

  • How do I prohibit access to my RDS instance over the Internet?

    Make sure that the IP address whitelists of your RDS instance contain only private IP addresses. You can also release the public endpoint of your RDS instance. For more information, see Apply for or release a public endpoint.

  • Why am I unable to change the network type of my RDS instance from VPC to classic network?

    Some RDS instances support only the VPC network type, and you cannot change the network type of the RDS instances from VPC to classic network. For more information, see Change the network type of an ApsaraDB RDS for MySQL instance.

  • Why is my RDS instance disconnected from an ECS instance even though the public IP address of the ECS instance is added to an IP address whitelist of my RDS instance?

    A possible cause is that the public IP address of the ECS instance is changed. In this case, you must add the new public IP address of the ECS instance to an IP address whitelist of your RDS instance.

References