This topic answers frequently asked questions about adding whitelists.
Determine IP CIDR blocks
Public network access scenarios
You can use the public network access capability of an exclusive resource group.
Exclusive resource groups provide public network access by default. Find the public egress IP address as follows:
Log on to the DataWorks console. In the top navigation bar, select the desired region. In the left-side navigation pane, click Resource Group to go to the Resource Groups page.
For the destination resource group, click Details in the Actions column.
Copy the EIP address.
You can forward traffic through your own VPC.
You can bind a VPC and add a route to forward public network traffic through your own VPC. In this scenario, the egress IP address of the exclusive resource group is the IP address from your VPC. For more information, see Public NAT Gateway.
Internal network access scenarios
Log on to the DataWorks console. In the top navigation bar, select the desired region. In the left-side navigation pane, click Resource Group to go to the Resource Groups page.
For the destination resource group, click Network Settings in the Actions column.
Copy the vSwitch CIDR block.
You must use the vSwitch CIDR block to configure the whitelist. If you use the IP addresses of elastic network interfaces (ENIs) for the whitelist, tasks may fail because of network inaccessibility when they run on scaled-out resources.
Add whitelists
By default, MaxCompute and Hologres do not have whitelists configured. If you configure a whitelist, only IP addresses in the whitelist are allowed access. For more information, see Manage IP address whitelists and IP address whitelists.
The following products support whitelist configuration.
Fully managed ApsaraDB products
Fully managed ApsaraDB products provide whitelist management features. You can configure whitelists in the console of the corresponding ApsaraDB product.
RDS. For more information, see Set an IP address whitelist.
PolarDB for MySQL. For more information, see Set a whitelist (migrated to parent).
PolarDB-X. For more information, see Set a whitelist.
MongoDB. For more information, see Modify a whitelist.
Kafka. For more information, see Configure a whitelist.
Elasticsearch. For more information, see Configure a public or private IP address whitelist for an instance.
AnalyticDB for MySQL. For more information, see Set a whitelist.
Redis. For more information, see Set a whitelist.
Semi-managed ApsaraDB products
Semi-managed ApsaraDB products rely on ECS security group rules.
HBase. For more information, see Set a whitelist.
For self-managed data sources on ECS instances, you must configure security groups. For more information, see Add a security group rule.
Why is my data synchronization task to MaxCompute failing or delayed when it used to work?
MaxCompute now supports VPC whitelists for Tunnel (Manage IP address whitelists). Ensure that the VPC of the resource group used for the sync task is included in the Tunnel whitelist.