After you establish a network connection between a resource group and a data source, such as a database, a data service, or other data in a specific network environment, the resource group may still fail to access the data source because an IP address whitelist that allows access from only specific IP addresses is configured for the data source. In this case, you must add the IP address or CIDR block of the resource group to the IP address whitelist of the data source. This topic provides instructions on configuring an IP address whitelist.
Prerequisites
A network connection is established between the resource group and the data source. For more information, see Establish a network connection between a resource group and a data source.
Background information
If a network connection is established between your resource group and your data source as described in Establish a network connection between a resource group and a data source, but the resource group still cannot access the data source, the data source may be configured with an IP address whitelist that denies access from some IP addresses. In this case, you must obtain and add the IP address or CIDR block of the resource group to the IP address whitelist of the data source.
Obtain the IP address or CIDR block of a resource group
If you want to access a data source over a VPC, you must add the CIDR block of the vSwitch with which the resource group is associated to the IP address whitelist of the data source.
On the Exclusive Resource Groups tab of the Resource Groups page in the DataWorks console, find the desired resource group and click Network Settings in the Actions column. On the VPC Binding tab of the page that appears, view and record the CIDR block of the related vSwitch. Then, add the CIDR block to the IP address whitelist of the data source.
If you want to access a data source over the Internet, you must perform one of the following operations to configure the IP address whitelist of the data source:
If you use a serverless resource group, you must add the EIP configured for the VPC with which the resource group is associated to the IP address whitelist of the data source.
On the Internet NAT Gateway page of the VPC console, find the source network address translation (SNAT) entry that is configured, and obtain the public IP address that is associated with the related vSwitch. Then, add the public IP address to the IP address whitelist of the data source.
If you use an old-version resource group, you must add the EIP of the resource group to the IP address whitelist of the data source.
On the Exclusive Resource Groups tab of the Resource Groups page in the DataWorks console, find the desired resource group and click Details in the Actions column. In the Basic Information section of the page that appears, view and record the EIP displayed next to the EIPAddress parameter. Then, add the EIP to the IP address whitelist of the data source.
NoteIf you scale out the resource group in subsequent operations, you must check whether the EIP changes. If the EIP changes, we recommend that you add the latest EIP to the IP address whitelist of the data source at the earliest opportunity after the scale-out operation. This ensures that your task can run as expected.