All Products
Search

This Product

    ApsaraDB RDS:Apply for or release a public endpoint

    Document Center

    ApsaraDB RDS:Apply for or release a public endpoint

    Last Updated:Jul 26, 2024

    ApsaraDB RDS provides an internal endpoint that you can use to connect to your ApsaraDB RDS for PostgreSQL instance from an Alibaba Cloud instance such as an Elastic Compute Service (ECS) instance within the same virtual private cloud (VPC) as the RDS instance. If your application is deployed on an Alibaba Cloud instance that resides in a different VPC from the RDS instance or an on-premise device, you must apply for a public endpoint and use the public endpoint to connect the application to your RDS instance.

    Internal and public endpoints

    Endpoint type

    Description

    Internal endpoint

    • By default, an internal endpoint is provided. You do not need to apply for the internal endpoint. You cannot release the internal endpoint. However, you can change the network type.

    • If the ECS instance on which your application is deployed resides in the same VPC as your RDS instance, these instances can communicate over an internal network, and you do not need to apply for a public endpoint.

    • For security and performance purposes, we recommend that you connect to your RDS instance by using the internal endpoint.

    Public endpoint

    • You must manually apply for a public endpoint for your RDS instance. You can release the public endpoint if it is no longer required.

    • If you cannot connect to your RDS instance by using the internal endpoint, you must apply for a public endpoint. You may need to apply for a public endpoint in the following scenarios:

      • Connect to your RDS instance from an ECS instance that resides in a different region or has a different network type than your RDS instance. For more information, see Network types.

      • Connect to your RDS instance from a device outside Alibaba Cloud.

    Important

    • You are not charged for applying for a public endpoint. You are also not charged for the traffic that is generated after you use the public endpoint to connect to your RDS instance over the Internet.

    • If you use a public endpoint to connect to an RDS instance, data security is compromised. Proceed with caution.

    • For faster transmission and higher security, we recommend that you migrate your application to an ECS instance that resides in the same region and has the same network type as the RDS instance. This way, you can connect to the RDS instance by using the internal endpoint of the RDS instance.

    Limits

    If forceful SSL encryption is enabled for the internal endpoint of the RDS instance, you cannot apply for a public endpoint for the instance. For more information, see Configure the SSL encryption feature. To apply for a public endpoint, you must disable forceful SSL encryption for the internal endpoint of the RDS instance and set the Forceful Encryption parameter to No for the internal or public endpoint based on your business requirements. This helps meet Internet-based access requirements and ensures data security. For more information, see Configure the SSL encryption feature.

    Apply for or release a public endpoint

    1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.

    2. In the left-side navigation pane, click Database Connection.

    3. Apply for or release a public endpoint.

      • If you have not applied for a public endpoint, click Apply for Public Endpoint.

      • If you have applied for a public endpoint, you can click Release Public Endpoint.

    4. In the message that appears, click OK.

      Important

      After the public endpoint is released, clients cannot connect to the RDS instance by using the released public endpoint.

    References