All Products
Search
Document Center

Serverless App Engine:Configure a whitelist for an ApsaraDB RDS instance

Last Updated:Sep 03, 2024

If an application that is hosted on Serverless App Engine (SAE) needs to access an ApsaraDB RDS instance, you must configure a whitelist for the ApsaraDB RDS instance. This topic describes how to configure an IP address whitelist for an ApsaraDB RDS for MySQL instance in different scenarios.

Prerequisites

Background information

ApsaraDB RDS supports the MySQL, SQL Server, PostgreSQL, and MariaDB database engines. For more information, see What is ApsaraDB RDS?.

Scenario 1: An application accesses an ApsaraDB RDS instance in the same virtual private cloud (VPC)

  1. Obtain the IP addresses of the VPC and vSwitch of the SAE application.

    1. Log on to the SAE console.

    2. In the left-side navigation pane, click Applications. In the top navigation bar, select a region. Then, click the name of an application.

    3. Obtain the IP addresses.

      • VPC: In the Application Information section of the Basic Information tab, click the name of the VPC field to go to the VPC console. On the Information tab, copy and save the value of the IPv4 CIDR Block parameter.

      • vSwitch: In the Application Information section of the Basic Information tab, click the name of the vSwitch field to go to the VPC console. On the vSwitch Basic Information page, copy and save the value of the IPv4 CIDR Block parameter.

  2. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.

  3. In the left-side navigation pane, click Whitelist and SecGroup.

  4. View the network isolation mode of the RDS instance.

    Note

    If your RDS instance runs MySQL 5.1, MySQL 5.5, MySQL 5.6, or MySQL 5.7 and uses local disks, you can change the network isolation mode of the RDS instance to the enhanced whitelist mode. RDS instances that run other database engine versions use the standard whitelist mode.

  5. Click Modify to the right of default. In the Edit Whitelist dialog box, add the IP addresses that you obtained in Step 1 to the whitelist, and click OK. db_configure_a_whitelist_for_RDS_instances

    Note
    • You can add up to 1,000 IP addresses or CIDR blocks to the whitelist of an instance. Separate multiple IP addresses or CIDR Blocks with commas (,) and make sure that no spaces precede or follow each comma.

    • You can also click Create Whitelist to create an IP address whitelist.

    After you configure the settings, the application that you deployed on SAE can access the ApsaraDB RDS instance in the same VPC.

Scenario 2: An application accesses an ApsaraDB RDS instance across VPCs or regions

VPCs or regions are logically isolated from each other. Therefore, you cannot access ApsaraDB RDS instances across VPCs or regions by default. If your application needs to access an ApsaraDB RDS instance across VPCs or regions, perform the following steps:

  1. Obtain the EIP of the SAE application and the CIDR block of the vSwitch.

    1. Log on to the SAE console.

    2. In the left-side navigation pane, click Applications. In the top navigation bar, select a region. Then, click the name of an application.

    3. In the Application Information section of the Basic Information tab, click the name of the vSwitch field to go to the VPC console. On the vSwitch Basic Information page, copy and save the value of the IPv4 CIDR Block parameter.

    4. In the left-side navigation pane, choose NAT Gateway > Internet NAT Gateway.

    5. On the Internet NAT Gateway page, find the required NAT gateway, and copy and save the value that is displayed in the Elastic IP Address column.

  2. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.

  3. In the left-side navigation pane, click Whitelist and SecGroup.

  4. View the network isolation mode of the RDS instance.

    Note

    If your RDS instance runs MySQL 5.1, MySQL 5.5, MySQL 5.6, or MySQL 5.7 and uses local disks, you can change the network isolation mode of the RDS instance to the enhanced whitelist mode. RDS instances that run other database engine versions use the standard whitelist mode.

  5. Click Modify to the right of default. In the Edit Whitelist dialog box, add the IP addresses that you obtained in Step 1 to the whitelist, and click OK. db_configure_a_whitelist_for_RDS_instances_cross_vpc_or_region

    Note
    • You can add up to 1,000 IP addresses or CIDR blocks to the whitelist of an instance. Separate multiple IP addresses or CIDR Blocks with commas (,) and make sure that no spaces precede or follow each comma.

    • You can also click Create Whitelist to create an IP address whitelist.

    After you configure the settings, the application that you deployed on SAE can access the ApsaraDB RDS instance across VPCs or regions.

References

You can configure an IP address whitelist to access an ApsaraDB RDS instance. You can also configure a security group to access the ApsaraDB RDS instance. For more information, see the following topics: