To ensure the security and stability of AnalyticDB for PostgreSQL databases, AnalyticDB for PostgreSQL instances block access from all IP addresses by default. Before you can use an AnalyticDB for PostgreSQL instance, you must add the IP addresses or CIDR blocks of your client to a whitelist of the AnalyticDB for PostgreSQL instance. A properly configured IP address whitelist can make your AnalyticDB for PostgreSQL instance more secure. We recommend that you maintain IP address whitelists on a regular basis.
Preparations
Before you configure a whitelist for an AnalyticDB for PostgreSQL instance, you must obtain the IP addresses of your client based on its installation location by using the following methods.
Client installation location | Network type | How to obtain IP addresses |
ECS instance (recommended) | VPC | Check the IP address of the Elastic Compute Service (ECS) instance. For more information, see the "How do I query the IP addresses of ECS instances?" section of the Network FAQ topic. Note: Make sure that the ECS and AnalyticDB for PostgreSQL instances reside in the same virtual private cloud (VPC). The VPC IDs of the two instances must be the same. If the VPC IDs are different, change the VPC of the ECS instance. For more information, see Change the VPC of an ECS instance. |
On-premises device or third-party cloud | Internet | The method that is used to obtain the public IP address of the on-premises device may vary based on your network environment or operating system. |
Procedure
- Log on to the AnalyticDB for PostgreSQL console.
- In the upper-left corner of the console, select a region.
- Find the instance that you want to manage and click the instance ID.
- In the left-side navigation pane, click Security Controls.
- On the Security Controls page, perform the following operations:
  - Create a whitelist
    - Click Create Whitelist.
    - In the Create Whitelist panel, configure the parameters that are described in the following table.

      Parameter | Description |
      Whitelist Name | The name of the whitelist. The name can contain lowercase letters, digits, and underscores (_). The name must start with a lowercase letter and end with a lowercase letter or a digit. The name must be 2 to 32 characters in length. |
      IP Addresses | The IP addresses or CIDR blocks that are allowed to access the instance. Separate multiple IP addresses with commas (,). A maximum of 999 unique IP addresses can be specified. You can enter specific IP addresses such as 10.23.12.24 and CIDR blocks such as 10.23.12.24/24. /24 indicates the length of the IP address prefix. An IP address prefix can be 1 to 32 bits in length. If you set the prefix length to 0, for example, 0.0.0.0/0 or 127.0.0.1/0, all IP addresses are allowed to access the instance. This poses a high security risk. Proceed with caution. The IP address 127.0.0.1 indicates that no external IP addresses are allowed to access the instance. |

    - Click OK.
  - Modify a whitelist
    - Find the whitelist that you want to modify and click Modify.
    - In the Modify Whitelist panel, add or remove IP addresses or CIDR blocks in the IP Addresses section.
      Note: You cannot modify the Whitelist Name.
    - Click OK.
  - Delete a whitelist
    Note: The default whitelist cannot be deleted.
    - Find the whitelist that you want to delete and click Delete.
    - In the Delete Whitelist message, click OK.
  - Clear the default whitelist
    - Click Clear to the right of the default whitelist.
    - In the Clear Whitelist message, click OK.
      After you clear the default whitelist, it contains only 127.0.0.1.
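
A pre-submission check for the Whitelist Name and IP Addresses rules described in the procedure above, useful when whitelists are reviewed on a regular basis. This is an added example, not part of the original documentation or of any Alibaba Cloud tooling. It assumes entries are IPv4 only; the function names `check_entry` and `audit_whitelist` and the sample values are constructed for illustration.

```python
import ipaddress
import re

# Whitelist Name rules: lowercase letters, digits, underscores; starts with a
# lowercase letter; ends with a lowercase letter or digit; 2 to 32 characters.
NAME_RE = re.compile(r"[a-z][a-z0-9_]{0,30}[a-z0-9]")
MAX_UNIQUE = 999  # maximum number of unique IP addresses per whitelist


def check_entry(entry):
    """Classify one address or CIDR block as ('ok' | 'warn' | 'error', message)."""
    addr, slash, prefix = entry.partition("/")
    try:
        ipaddress.IPv4Address(addr)  # assumption: entries are IPv4 only
        bits = int(prefix) if slash else 32
    except ValueError:
        return "error", f"{entry}: not an IPv4 address or CIDR block"
    if bits == 0:
        return "warn", f"{entry}: prefix length 0 allows all IP addresses"
    if not 1 <= bits <= 32:
        return "error", f"{entry}: prefix length must be 1 to 32"
    return "ok", entry


def audit_whitelist(name, ip_field):
    """Return (errors, warnings) for a whitelist name and its IP Addresses value."""
    errors, warnings = [], []
    if not NAME_RE.fullmatch(name):
        errors.append(f"name {name!r} breaks the Whitelist Name rules")
    # Entries are comma-separated; duplicates do not count toward the limit.
    entries = sorted({e.strip() for e in ip_field.split(",") if e.strip()})
    if len(entries) > MAX_UNIQUE:
        errors.append(f"{len(entries)} unique entries, maximum is {MAX_UNIQUE}")
    for entry in entries:
        level, message = check_entry(entry)
        if level == "error":
            errors.append(message)
        elif level == "warn":
            warnings.append(message)
    if entries == ["127.0.0.1"]:
        warnings.append("only 127.0.0.1: no external IP addresses can connect")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real instance.
    print(audit_whitelist("app_tier1", "10.23.12.24,10.23.12.24/24"))
    print(audit_whitelist("Ops", "0.0.0.0/0,127.0.0.1/0,10.0.0.300"))
```

Any warning about a prefix length of 0 deserves a review before the whitelist is saved, because that single entry overrides every narrower entry beside it.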
Related operations
Operation | Description |
Queries the IP addresses that are allowed to access an instance. | |
Modifies the IP addresses that are allowed to access an instance. |