This topic describes how to change the network type of an ApsaraDB RDS for PostgreSQL instance based on your business requirements.
Network types
Classic network: RDS instances in the classic network are not isolated. To block unauthorized access to these instances, you must configure IP address whitelists or security groups.
Virtual private cloud (VPC): Each VPC is an isolated virtual network. We recommend that you select the VPC type because it is more secure than the classic network.
You can configure route tables, CIDR blocks, and gateways in a VPC. In addition, you can connect your data center to a VPC by using Express Connect circuits or VPNs. The data center and the VPC comprise a virtual data center. You can use the virtual data center to migrate your workloads to the cloud with no downtime.
You can select the classic or VPC network type and switch your RDS instance between these network types free of charge.
Before you change the network type, you must enable the enhanced whitelist mode for your RDS instance. For more information, see Change the whitelist mode to the enhanced whitelist mode.
View the network type
Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
In the left-side navigation pane, click Database Connection.
Change the network type from classic network to VPC
Your RDS instance resides in the classic network.
Log on to the ApsaraDB RDS console and go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the instance ID.
In the left-side navigation pane, click Database Connection.
Click Switch to VPC.
In the Switch to VPC dialog box, select a VPC and a vSwitch and specify whether to retain the classic network endpoint.
Select a VPC. We recommend that you select the VPC where the Elastic Compute Service (ECS) instance that you want to connect resides. If the ECS instance and the RDS instance reside in different VPCs, these instances cannot communicate over an internal network unless you use Cloud Enterprise Network (CEN) or VPN Gateway to enable network communication between the VPCs of these instances. For more information, see Overview of Alibaba Cloud CEN or Establish IPsec-VPN connections between two VPCs.
Select a vSwitch. If no vSwitches are available in the selected VPC, create a vSwitch in the zone where the RDS instance resides. For more information, see Create and manage a vSwitch.
Clear or select the Reserve original classic endpoint check box. For more information, see the following table.
Operation | Description |
Clear the Reserve original classic endpoint check box | The classic network endpoint is not retained and changes to a VPC endpoint. When you change the network type from classic network to VPC, a transient disconnection of approximately 30 seconds occurs, and ECS instances that reside in the classic network are immediately disconnected from your RDS instance. |
Select the Reserve original classic endpoint check box | The classic network endpoint is retained, and a new VPC endpoint is generated. In this case, your RDS instance is in the hybrid access mode. Both classic network-type ECS instances and VPC-type ECS instances can access your RDS instance over an internal network. For more information, see Configure the hybrid access solution for an ApsaraDB RDS for PostgreSQL instance. When you change the network type from classic network to VPC, no transient disconnection occurs. The connection between each classic network-type ECS instance and the RDS instance remains available until the classic network endpoint expires. |
Before the classic network endpoint expires, add the VPC endpoint to your application that runs on a VPC-type ECS instance. This allows ApsaraDB RDS to migrate your workloads to the selected VPC with no downtime. During the seven days before the classic network endpoint expires, ApsaraDB RDS sends a daily text message to the mobile number that is bound to your Alibaba Cloud account.
For more information, see Configure the hybrid access solution.
Add the private IP address of the required VPC-type ECS instance to an IP address whitelist of the VPC network type on the RDS instance. This way, the ECS instance can access the RDS instance over an internal network. If no IP address whitelists of the VPC network type are available, create one.
Add the VPC endpoint of the RDS instance to the required VPC-type ECS instance.
If you selected Reserve original classic endpoint, you must add the VPC endpoint to your application that runs on the required VPC-type ECS instance before the classic network endpoint expires.
If you cleared the Reserve original classic endpoint check box, the connection between each classic network-type ECS instance and the RDS instance over an internal network is immediately closed after the network type is changed. You must add the VPC endpoint of the RDS instance to your application that runs on the required VPC-type ECS instance.
Note: If the RDS instance resides in a VPC and you want to connect a classic network-type ECS instance to the RDS instance over an internal network, you can use ClassicLink to establish a connection. Alternatively, you can migrate the ECS instance to the same VPC as the RDS instance. For more information, see Overview.
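A pre-switch check for the whitelist and endpoint steps above, as an added example that is not part of the original documentation: it predicts which ECS clients keep internal-network access after Switch to VPC and flags whitelist entries that reach beyond private address space. The client names, IP addresses and whitelist contents are constructed sample data, and the model assumes that each whitelist applies to one network type and that over-broad entries should not be relied on for access.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data (not from a real account). Assumption: in enhanced
# whitelist mode each whitelist applies to one network type.
WHITELISTS = {"classic": ["10.31.4.17"], "vpc": ["192.168.10.0/24", "0.0.0.0/0"]}
CLIENTS = [  # (name, ECS network type, private IP)
    ("app-legacy", "classic", "10.31.4.17"),
    ("app-web", "vpc", "192.168.10.25"),
    ("app-batch", "vpc", "192.168.20.8"),
]

def broad_entries(entries):
    """Whitelist entries that reach beyond private (RFC 1918) address space."""
    nets = [ipaddress.ip_network(e, strict=False) for e in entries]
    return [str(n) for n in nets if not any(n.subnet_of(r) for r in RFC1918)]

def covered(ip, entries):
    """True if ip matches a whitelist entry, ignoring over-broad entries."""
    addr = ipaddress.ip_address(ip)
    broad = set(broad_entries(entries))
    nets = [ipaddress.ip_network(e, strict=False) for e in entries]
    return any(addr in n for n in nets if str(n) not in broad)

def plan_switch(clients, whitelists, retain_classic):
    """Predict each client's internal-network access after Switch to VPC."""
    result = {}
    for name, net_type, ip in clients:
        if net_type == "classic" and not retain_classic:
            # Endpoint not retained: classic clients are cut off immediately.
            result[name] = "disconnected at switch"
        elif not covered(ip, whitelists.get(net_type, [])):
            result[name] = f"add {ip} to a {net_type} whitelist"
        elif net_type == "classic":
            result[name] = "works until classic endpoint expires"
        else:
            result[name] = "ok via VPC endpoint"
    return result

if __name__ == "__main__":
    print("over-broad VPC entries:", broad_entries(WHITELISTS["vpc"]))
    for keep in (True, False):
        print("retain classic endpoint =", keep)
        for name, status in plan_switch(CLIENTS, WHITELISTS, keep).items():
            print(f"  {name}: {status}")
```

Run it against an export of your own whitelists and ECS private IP addresses before clicking Switch to VPC; any client reported as needing a whitelist entry would otherwise be refused after its application is pointed at the VPC endpoint.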
Related operations
Operation | Description |
Changes the network type of an instance. |