To ensure that Data Management (DMS) can access your database instance, you must add the IP addresses and CIDR blocks of DMS in the corresponding region to the security settings, such as the firewall, whitelist, or security group settings, of the database instance.
Add DMS IP addresses and CIDR blocks to the security settings of an ApsaraDB database instance
Applicable scope: ApsaraDB database instances and self-managed databases on Elastic Compute Service (ECS) instances.
Add DMS IP addresses and CIDR blocks to the security settings of a database instance in the DMS console
You can use one of the following methods to add DMS IP addresses and CIDR blocks:
Via system prompts
When you log on to an ApsaraDB database instance in DMS for the first time, DMS prompts you to add the IP addresses and CIDR blocks of DMS to the security settings of the database instance. In this case, you need to click Configure Whitelist in the dialog box. After the configuration is complete, you can log on to the database instance again in DMS.
On the Instances page
NoteOnly DMS administrators or database administrators (DBAs) can use this method.
- Log on to the DMS console V5.0.
Move the pointer over the icon in the upper-left corner of the DMS console and choose
.NoteIf you use the DMS console in normal mode, choose
in the top navigation bar.On the Instance List tab, select the database instance that you want to manage and click Configure Whitelist in the upper part of the tab.
In the message that appears, click OK.
Add DMS IP addresses and CIDR blocks to the security settings of a database instance in the corresponding console
Log on to the console of the corresponding service and find the database instance that you want to manage. In this example, an ApsaraDB RDS for MySQL instance is used.
Click the ID of the database instance. In the left-side navigation pane, click Whitelist and SecGroup.
Obtain the IP addresses and CIDR blocks of DMS, add them to the whitelist of the database instance, and then click OK.
For example, the database instance resides in the China (Hangzhou) region and the network type is Virtual Private Cloud (VPC). DMS IP addresses and CIDR blocks are provided in Table 1 in the "DMS IP addresses and CIDR blocks" section of this topic. In this example, you need to find the China (Hangzhou) row and VPC column in Table 1, and copy and paste the IP addresses and CIDR blocks to the whitelist of the database instance.
Add DMS IP addresses and CIDR blocks to the security settings of a database on a third-party cloud or a self-managed database
You must manually add the IP addresses and CIDR blocks of DMS to the security settings of databases on third-party clouds, self-managed databases that are not hosted on ECS instances, and databases connected over public IP addresses and VPCs.
DMS IP addresses and CIDR blocks
When you add the IP addresses and CIDR blocks of DMS, we recommend that you copy and paste all IP addresses and CIDR blocks of DMS in the corresponding region to the security settings.
You can add the public IP addresses and CIDR blocks of DMS. However, this may cause security risks. Proceed with caution.
We recommend that you increase the security of your account and limit the ports for inbound traffic. You can also connect to the database instance over Express Connect, VPN Gateway, or Smart Access Gateway.
Table 1. IP addresses and CIDR blocks
Region | VPC-connected (self-managed databases hosted on ECS, ApsaraDB database instances, and on-premises databases connected over Express Connect circuits) | Classic network-connected (self-managed databases hosted on ECS and ApsaraDB database instances) | Internet-connected |
China (Hangzhou) | 100.104.175.0/24,100.104.201.0/26,100.104.52.0/24,100.104.61.128/26,100.104.244.64/26,100.104.216.192/26,100.104.85.0/26 | 11.193.54.0/24,10.143.32.0/24,10.143.34.0/24,10.137.42.0/24,10.152.29.0/24,10.6.226.32,10.6.226.33,10.187.128.215,10.187.128.216 | 8.136.163.64/27,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26 |
China (Shanghai) | 100.104.5.0/24,100.104.205.0/24,100.104.226.128/26,100.104.149.64/26 | 10.152.163.0/24,10.137.42.0/24,11.154.24.173 | 139.224.4.85,139.224.4.79,101.133.205.192/26,47.102.181.128/26,47.102.181.192/26,47.102.234.0/26,47.102.234.64/26 |
China (Nanjing - Local Region) | 100.104.182.128/26 | 11.193.54.0/24,10.143.32.0/24,10.143.34.0/24,10.137.42.0/24,10.152.29.0/24,10.6.226.32,10.6.226.33,10.187.128.215,10.187.128.216 | 8.136.163.64/27,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26 |
China (Qingdao) | 100.104.188.0/24,100.104.72.0/24,100.104.35.192/26 | 10.151.203.0/24,10.137.42.0/24,10.245.213.244 | 114.215.161.28,114.215.161.36,118.190.207.194,118.190.207.25,120.27.72.0/26,120.27.72.64/26,120.27.72.128/26,120.27.72.192/26 |
China (Beijing) | 100.104.72.0/24,100.104.183.0/24,100.104.236.128/26,100.104.128.192/26,100.104.227.192/26 | 11.192.101.0/24,10.137.42.0/24,11.115.125.224 | 60.205.89.31,60.205.89.21,8.131.132.0/26,39.107.7.0/26,39.107.7.64/26,182.92.32.128/26,182.92.32.192/26 |
China (Zhangjiakou) | 100.104.205.0/24,100.104.175.0/24 | 11.192.243.0/24,11.193.233.87 | 47.92.22.68,39.101.252.128/26,47.92.185.0/26,47.92.185.64/26,47.92.185.128/26,47.92.185.192/26 |
China (Hohhot) | 100.104.205.0/24,100.104.72.0/24 | 11.193.183.0/24,11.197.113.225 | 39.104.29.35,39.104.78.173,39.104.79.122,39.104.86.0,39.104.62.152,39.104.72.87,39.99.77.0/26,39.99.77.64/26,39.99.77.128/26,39.104.220.192/26 |
China (Ulanqab) | 100.104.10.192/26 | 10.152.29.0/24 | 8.136.163.64/27,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26 |
China (Chengdu) | 100.104.5.0/26 | 11.195.52.68/24,11.119.156.53 | 47.108.22.35,47.109.5.0/26,47.108.45.128/26,47.108.45.192/26,47.108.47.0/26,47.108.47.64/26 |
China (Shenzhen) | 100.104.5.0/24,100.104.75.64/26,100.104.235.192/26,100.104.205.0/24,100.104.41.64/26 | 10.152.27.0/24,10.137.42.0/24,10.245.164.219 | 120.76.91.7,120.76.91.29,47.113.76.192/26,47.112.83.192/26,47.112.84.0/26,47.112.84.64/26,47.112.84.128/26 |
China (Heyuan) | 100.104.96.64/26 | 11.118.24.0/24,10.137.42.0/24,10.152.29.0/24 | 8.136.163.64/27,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26 |
China (Guangzhou) | 100.104.248.128/26 | 10.137.42.0/24,10.152.29.0/24,10.58.93.2 | 8.134.79.141,8.134.79.143,8.134.0.64/26,8.134.0.128/26,8.134.0.192/26,8.134.5.0/26 |
China (Wuhan - Local Region) | 100.104.193.128/26 | 11.193.54.0/24,10.143.32.0/24,10.143.34.0/24,10.137.42.0/24,10.152.29.0/24,10.6.226.32,10.6.226.33,10.187.128.215,10.187.128.216 | 8.136.163.64/27,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26 |
China (Hong Kong) | 100.104.205.0/24,100.104.233.0/24,100.104.177.192/26,100.104.158.192/26 | 10.152.161.0/24,10.137.42.0/24,10.254.102.13 | 47.89.61.33,47.89.61.59,47.243.0.32/28,47.56.45.128/26,47.56.45.192/26,47.90.24.0/26,47.90.24.64/26 |
Singapore | 100.104.205.0/24,100.104.188.0/24,100.104.207.128/26,100.104.179.64/26,100.104.12.0/26 | 10.152.166.0/24,10.137.42.0/24,10.88.51.209 | 47.88.147.36,47.88.147.22,161.117.172.0/28,161.117.146.128/26,161.117.146.192/26,161.117.164.0/26,161.117.164.64/26 |
Australia (Sydney) Closing Down | 100.104.5.0/24,100.104.233.0/24,100.104.3.128/26 | 11.192.100.0/24,11.195.117.227 | 47.91.49.175,47.91.49.169,47.252.149.128/26,47.252.149.192/26,47.252.150.0/26,47.252.150.64/26 |
Malaysia (Kuala Lumpur) | 100.104.175.0/24,100.104.5.0/24 | 11.193.189.0/24,11.196.42.179 | 47.254.212.25,47.250.34.128/28,47.250.30.0/26,47.250.30.64/26,47.250.30.128/26,47.250.30.192/26 |
Indonesia (Jakarta) | 100.104.5.0/24,100.104.35.192/26,100.104.175.0/24 | 11.194.48.0/22,11.59.138.151 | 149.129.228.88,147.139.165.206,147.139.133.46,147.139.179.168,147.139.132.101,147.139.156.0/26,147.139.156.64/26,147.139.156.128/26,149.129.230.192/26 |
Japan (Tokyo) | 100.104.205.0/24,100.104.112.0/24,100.104.117.192/26,100.104.112.0/24,100.104.117.192/26 | 11.192.147.0/24,11.192.148.0/24,11.192.149.0/24 | 47.91.13.31,47.91.13.77,8.209.192.160/28,47.91.0.128/26,47.91.0.192/26,47.245.51.128/26,47.245.51.192/26 |
US (Silicon Valley) | 100.104.205.0/24,100.104.48.128/26,100.104.175.0/24 | 10.152.31.0/24,10.137.42.0/24,10.60.82.16 | 47.89.224.28,47.89.224.56,47.88.1.17,47.88.6.196,47.88.10.217,47.88.15.174,47.88.98.0/26,47.88.98.64/26,47.88.98.128/26,47.88.98.192/26 |
US (Virginia) | 100.104.205.0/24,100.104.233.0/24,100.104.240.128/26 | 10.152.235.0/24,10.137.42.0/24,11.194.67.243 | 47.88.98.24,47.88.98.20,47.253.64.0/28,47.252.71.128/26,47.252.71.192/26,47.252.90.0/26,47.252.90.64/26 |
UK (London) | 100.104.5.0/24,100.104.133.64/26,100.104.207.128/26 | 11.199.93.0/24,11.199.225.130 | 8.208.17.76,8.208.75.64/28,8.208.73.0/26,8.208.73.64/26,8.208.73.128/26,8.208.73.192/26 |
Germany (Frankfurt) | 100.104.233.0/24,100.104.5.0/24,100.104.193.128/26 | 11.192.169.0/24,11.192.170.0/24,11.194.56.218 | 47.91.83.56,47.91.83.15,47.245.155.0/28,8.209.86.0/26,47.254.165.64/26,47.254.165.128/26,47.254.165.192/26 |
UAE (Dubai) | 100.104.5.0/24,100.104.205.0/24 | 11.192.189.0/24,11.192.190.0/24,11.192.191.0/24 | 47.91.102.19,47.91.103.51 |
Philippines (Manila) | 100.104.36.0/26 | 10.43.148.217,10.43.148.218 | 8.212.136.64/26,8.212.136.128/26,8.212.136.192/26,8.212.137.0/26 |
Thailand (Bangkok) | 100.104.106.192/26 | 10.186.15.148,10.186.15.149 | 8.213.162.64/26,8.213.162.128/26,8.213.162.192/26,8.213.163.0/26 |
SAU (Riyadh) | 100.104.12.0/26 | 10.187.119.182,10.187.119.183,10.187.115.137 | 8.213.0.128/26,8.213.0.192/26,8.213.5.0/26,8.213.5.64/26,8.213.16.59,8.213.16.91,8.213.16.111,8.213.16.17,8.213.16.123,8.213.6.0/26,8.213.6.64/26,8.213.6.128/26,8.213.6.192/26 |
Russia | 100.104.35.192/26 | 11.111.39.128,11.111.39.129 | 8.209.134.64/26,8.209.134.128/26,8.209.134.192/26 |
China North 2 Finance (Preview) | 100.104.144.0/26 | 10.254.13.200,10.254.13.201,10.254.22.182 | 39.107.7.0/26,39.107.7.64/26,182.92.32.128/26,182.92.32.192/26,47.92.185.0/26,47.92.185.64/26,47.92.185.128/26,47.92.185.192/26 |
China East 1 Finance | 100.104.175.0/24,100.104.52.0/24,100.104.216.192/26 | 11.193.54.0/24,10.143.32.0/24,10.143.34.0/24,10.137.42.0/24,10.152.29.0/24 | 116.62.251.150,47.96.59.4,47.96.58.245,116.62.250.113,116.62.249.73,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26 |
China North 1 Finance | 100.104.5.0/24 | 10.152.29.0/24 | 8.136.163.64/27,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26 |
China East 2 Finance | 100.104.72.0/24,100.104.175.0/24 | 10.152.163.0/24,10.137.42.0/24,10.152.29.0/24,10.254.213.170 | 139.224.122.227,139.224.123.13,139.224.124.107,139.224.123.165,47.102.181.128/26,47.102.181.192/26,47.102.234.0/26,47.102.234.64/26,47.103.170.128/26,47.103.170.192/26,47.103.171.0/26,47.103.171.64/26 |
China South 1 Finance | 100.104.205.0/24,100.104.72.0/24 | 10.152.27.0/24,10.137.42.0/24,10.152.29.0/24 | 8.136.163.64/27,118.31.243.0/26,118.31.243.64/26,118.31.243.128/26,118.31.243.192/26 |
FAQ
Q: What do I do if I fail to connect to a database instance from DMS after the IP addresses and CIDR blocks of DMS are added to the IP address whitelist of the database instance?
A: Perform the following operations to troubleshoot the issue:
Try again later. The whitelist takes time to become effective.
If you access the database instance over the Internet, add the IP addresses and CIDR blocks of DMS in the China (Hangzhou) region to the IP address whitelist of the database instance. Then, try to connect to the database instance again.
In the Add Instance or Edit dialog box, check the connection information such as the port number.
Q: What do I do if I fail to connect to an ApsaraDB RDS instance in the classic network from DMS and the ApsaraDB RDS instance can only be accessed by using a public endpoint?
A: You can use one of the following methods to resolve this issue:
Add the IP addresses and CIDR blocks of DMS in the same region in which the ApsaraDB RDS instance resides to the IP address whitelist of the ApsaraDB RDS instance. For more information, see Configure an IP address whitelist.
Apply for an internal endpoint for the ApsaraDB RDS instance in the ApsaraDB RDS console.