After you create an ApsaraDB for HBase cluster, you must configure an IP address whitelist or specify Elastic Compute Service (ECS) security groups as whitelists for the cluster. This way, only the clients added to the whitelist or clients specified in the ECS security groups can access the ApsaraDB for HBase cluster.

Background information

By default, a newly created ApsaraDB for HBase cluster is inaccessible. This ensures database security.

Methods of configuring a whitelist

MethodDescription
Method 1: Configure an IP address whitelistTo allow a client to access an ApsaraDB for HBase cluster, add the IP address of the client to the IP address whitelist of the cluster.
Method 2: Specify ECS security groups as whitelistsA security group is a virtual firewall that is used to control the inbound and outbound traffic of ECS instances in the security group. For more information about security groups, see Overview. To allow multiple ECS instances to access an ApsaraDB for HBase cluster, you can associate the ApsaraDB for HBase cluster with the security groups to which the ECS instances belong. This way, you do not need to manually specify the IP addresses of the ECS instances. This simplifies O&M.

Method 1: Configure an IP address whitelist

  1. Log on to the ApsaraDB for HBase console.
  2. In the top navigation bar, select the region where your ApsaraDB for HBase cluster is deployed.
  3. On the Clusters page, find the cluster and click the ID of the cluster.
  4. In the left-side navigation pane of the page that appears, click Access Control.
  5. On the Whitelist Setting tab, click Modify Whitelist.
    Access control
  6. In the Modify Whitelist dialog box that appears, enter the IP addresses or CIDR blocks for which you want to enable access to the cluster and click OK.
    Important
    • The default whitelist contains only 127.0.0.1. If the default whitelist is used, no client is allowed to access the cluster.
    • If you enter 0.0.0.0 or 0.0.0.0/0 in the Whitelist field, access requests from all IP addresses are allowed. This poses high security risks to databases. To ensure database security, do not enter 0.0.0.0 or 0.0.0.0/0 in the Whitelist field.
    • If you want to use a public IP address to access open source components, enter the public IP address in the Whitelist field.

Method 2: Specify ECS security groups as whitelists

Note If this method is used, make sure that the ECS instances in the specified security groups have the same network type as the ApsaraDB for HBase cluster. If the ApsaraDB for HBase cluster is deployed in a virtual private cloud (VPC), the ECS instances must be deployed in the same VPC.
  1. Log on to the ApsaraDB for HBase console.
  2. In the top navigation bar, select the region where your ApsaraDB for HBase cluster is deployed.
  3. On the Clusters page, find the cluster and click the ID of the cluster.
  4. In the left-side navigation pane of the page that appears, click Access Control.
  5. On the Security Group tab, click Add Security Group.
    Click the Security Group tab
  6. In the Join Security Group dialog box that appears, select the required security groups and click OK.