Apply for a public endpoint for an ApsaraDB RDS for PostgreSQL instance - ApsaraDB RDS

ApsaraDB RDS provides an internal endpoint that you can use to connect to your ApsaraDB RDS for PostgreSQL instance from an Alibaba Cloud instance such as an Elastic Compute Service (ECS) instance within the same virtual private cloud (VPC) as the RDS instance. If your application is deployed on an Alibaba Cloud instance that resides in a different VPC from the RDS instance or an on-premise device, you must apply for a public endpoint and use the public endpoint to connect the application to your RDS instance.

Internal and public endpoints

Endpoint type	Description
Internal endpoint	By default, an internal endpoint is provided. You do not need to apply for the internal endpoint. You cannot release the internal endpoint. However, you can change the network type. If the ECS instance on which your application is deployed resides in the same VPC as your RDS instance, these instances can communicate over an internal network, and you do not need to apply for a public endpoint. For security and performance purposes, we recommend that you connect to your RDS instance by using the internal endpoint.
Public endpoint	You must manually apply for a public endpoint for your RDS instance. You can release the public endpoint if it is no longer required. If you cannot connect to your RDS instance by using the internal endpoint, you must apply for a public endpoint. You need to apply for a public endpoint in the following scenarios: Connect to your RDS instance from an ECS instance that resides in a different VPC from your RDS instance. Connect to your RDS instance from a device outside Alibaba Cloud. Important You are not charged for applying for a public endpoint. You are also not charged for the traffic that is generated after you use the public endpoint to connect to your RDS instance over the Internet. If you use a public endpoint to connect to an RDS instance, data security is compromised. Proceed with caution. For faster transmission and higher security, we recommend that you migrate your application to an ECS instance that resides in the same region and has the same network type as the RDS instance. This way, you can connect to the RDS instance by using the internal endpoint of the RDS instance.

Apply for or release a public endpoint

Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
In the left-side navigation pane, click Database Connection.
Apply for or release a public endpoint.
- If you have not applied for a public endpoint, you can click Apply for Public Endpoint.
- If you have applied for a public endpoint, click Release Internet Address.
Warning
When you apply for a public endpoint, Add 0.0.0.0/0 to the whitelist is selected by default. The 0.0.0.0/0 CIDR block indicates that all IP addresses are allowed to access your RDS instance. We recommend that you add this CIDR block only for a connectivity test. When you run online workloads, do not add this CIDR block to an IP address whitelist.
In the message that appears, click OK.

References

After you apply for a public endpoint, you must add the public IP address of the device on which the client or application resides to an IP address whitelist of your RDS instance. This way, you can connect to the RDS instance over the Internet. For more information, see Configure an IP address whitelist.
You can connect to your RDS instance by using the pgAdmin client, the PostgreSQL CLI, or an application. For more information, see Connect to an ApsaraDB RDS for PostgreSQL instance.
You can call the following API operations to apply for and release a public endpoint.
Operation
Description
AllocateInstancePublicConnection
Applies for a public endpoint for an instance.
ReleaseInstancePublicConnection
Releases the public endpoint of an instance.

Operation	Description
AllocateInstancePublicConnection	Applies for a public endpoint for an instance.
ReleaseInstancePublicConnection	Releases the public endpoint of an instance.