All Products
Search
Document Center

Serverless App Engine:Configure a whitelist for an ApsaraDB for Redis instance

Last Updated:Sep 03, 2024

If an application that is hosted on Serverless App Engine (SAE) needs to access an ApsaraDB for Redis instance, you must configure a whitelist for the ApsaraDB for Redis instance. This topic describes how to configure a whitelist for an ApsaraDB for Redis instance in different scenarios.

Scenario 1: An application accesses an ApsaraDB for Redis instance in the same virtual private cloud (VPC)

  1. Obtain the IP addresses of the VPC and vSwitch of the SAE application.

    1. Log on to the SAE console.

    2. In the left-side navigation pane, click Applications. In the top navigation bar, select a region. Then, click the name of an application.

    3. Obtain the IP addresses.

      • VPC: In the Application Information section of the Basic Information tab, click the name of the VPC field to go to the VPC console. On the Information tab, copy and save the value of the IPv4 CIDR Block parameter.

      • vSwitch: In the Application Information section of the Basic Information tab, click the name of the vSwitch field to go to the VPC console. On the vSwitch Basic Information page, copy and save the value of the IPv4 CIDR Block parameter.

  2. Log on to the ApsaraDB for Redis console and go to the Instances page. In the top navigation bar, select the region in which the instance is deployed. Then, find the instance and click its ID.
  3. In the left-side navigation pane, click Whitelist Settings.

  4. Find the default whitelist and click Modify.

    Note

    You can also click Whitelist to create a whitelist. The name of a whitelist must be 2 to 32 characters in length and can contain lowercase letters, digits, and underscores (_). It must start with a lowercase letter and end with a lowercase letter or digit.

  5. In the Edit Whitelist dialog box, add the IP addresses that you obtained in Step 1 to the whitelist, and click OK. db_configure_a_whitelist_for_redis_instances

    Note

    You can add up to 1,000 IP addresses or CIDR blocks to the whitelist of an instance. Separate multiple IP addresses or CIDR Blocks with commas (,) and make sure that no spaces precede or follow each comma.

    After you configure the settings, the application that you deployed on SAE can access the ApsaraDB for Redis instance in the same VPC.

Scenario 2: An application accesses an ApsaraDB for Redis instance across VPCs or regions

VPCs or regions are logically isolated from each other. Therefore, you cannot access ApsaraDB for Redis instances across VPCs or regions by default. If your application needs to access an ApsaraDB for Redis instance across VPCs or regions, perform the following steps:

  1. Before you configure a whitelist, make sure that the following prerequisites are met:

    A service bundle that consists of an Internet NAT gateway and an elastic IP address (EIP) is purchased, and Internet access is enabled for the SAE application. For more information, see Configure a NAT gateway for an SAE application to enable Internet access.

  2. Obtain the EIP of the SAE application and the CIDR block of the vSwitch.

    1. Log on to the SAE console.

    2. In the left-side navigation pane, click Applications. In the top navigation bar, select a region. Then, click the name of an application.

    3. In the Application Information section of the Basic Information tab, click the name of the vSwitch field to go to the VPC console. On the vSwitch Basic Information page, copy and save the value of the IPv4 CIDR Block parameter.

    4. In the left-side navigation pane, choose NAT Gateway > Internet NAT Gateway.

    5. On the Internet NAT Gateway page, find the required NAT gateway, and copy and save the value that is displayed in the Elastic IP Address column.

  3. Log on to the ApsaraDB for Redis console and go to the Instances page. In the top navigation bar, select the region in which the instance is deployed. Then, find the instance and click its ID.
  4. In the left-side navigation pane, click Whitelist Settings.

  5. Find the default whitelist and click Modify.

    Note

    You can also click Add Whitelist to create a whitelist. The name of a whitelist must be 2 to 32 characters in length and can contain lowercase letters, digits, and underscores (_). It must start with a lowercase letter and end with a lowercase letter or digit.

  6. In the Edit Whitelist dialog box, add the IP addresses that you obtained in Step 2 to the whitelist, and click OK. db_configure_a_whitelist_for_redis_instances_cross_vpc_or_region

    Note

    You can add up to 1,000 IP addresses or CIDR blocks to the whitelist of an instance. Separate multiple IP addresses or CIDR Blocks with commas (,) and make sure that no spaces precede or follow each comma.

    After you configure the settings, the application that you deployed on SAE can access the ApsaraDB for Redis instance across VPCs or regions.

References

You can configure an IP address whitelist to access an ApsaraDB for Redis instance. You can also configure a security group to access the ApsaraDB for Redis instance. For more information, see the "Method 2: Add ECS security groups as whitelists" section in Step 2: Configure whitelists.