If an application that is hosted on Serverless App Engine (SAE) needs to access an ApsaraDB RDS instance, you must configure a whitelist for the ApsaraDB RDS instance. This topic describes how to configure an IP address whitelist for an ApsaraDB RDS for MySQL instance in different scenarios.
Prerequisites
An ApsaraDB RDS for MySQL instance is purchased. For more information, see Purchase guide.
A service bundle that consists of an Internet NAT gateway and an elastic IP address (EIP) is purchased. For more information, see Purchase a service bundle that consists of an SNAT-enabled Internet NAT gateway and an EIP for a VPC.
Internet access is enabled for an application that is deployed on SAE. For more information, see Configure a NAT gateway for an SAE application to enable Internet access.
Background information
ApsaraDB RDS supports the MySQL, SQL Server, PostgreSQL, and MariaDB database engines. For more information, see What is ApsaraDB RDS?.
For information about how to configure a whitelist, see the following topics:
Configure an IP address whitelist for an ApsaraDB RDS for MySQL instance
Configure an IP address whitelist for an ApsaraDB RDS for SQL Server instance
Configure an IP address whitelist for an ApsaraDB RDS for PostgreSQL instance
Configure an IP address whitelist for an ApsaraDB RDS for MariaDB instance
Scenario 1: An application accesses an ApsaraDB RDS instance in the same virtual private cloud (VPC)
Obtain the IP addresses of the VPC and vSwitch of the SAE application.
Log on to the SAE console.
In the left-side navigation pane, click Applications. In the top navigation bar, select a region. Then, click the name of an application.
Obtain the IP addresses.
VPC: In the Application Information section of the Basic Information tab, click the name of the VPC field to go to the VPC console. On the Information tab, copy and save the value of the IPv4 CIDR Block parameter.
vSwitch: In the Application Information section of the Basic Information tab, click the name of the vSwitch field to go to the VPC console. On the vSwitch Basic Information page, copy and save the value of the IPv4 CIDR Block parameter.
Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
In the left-side navigation pane, click Whitelist and SecGroup.
View the network isolation mode of the RDS instance.
NoteIf your RDS instance runs MySQL 5.1, MySQL 5.5, MySQL 5.6, or MySQL 5.7 and uses local disks, you can change the network isolation mode of the RDS instance to the enhanced whitelist mode. RDS instances that run other database engine versions use the standard whitelist mode.
Click Modify to the right of default. In the Edit Whitelist dialog box, add the IP addresses that you obtained in Step 1 to the whitelist, and click OK.
NoteYou can add up to 1,000 IP addresses or CIDR blocks to the whitelist of an instance. Separate multiple IP addresses or CIDR Blocks with commas (,) and make sure that no spaces precede or follow each comma.
You can also click Create Whitelist to create an IP address whitelist.
After you configure the settings, the application that you deployed on SAE can access the ApsaraDB RDS instance in the same VPC.
Scenario 2: An application accesses an ApsaraDB RDS instance across VPCs or regions
VPCs or regions are logically isolated from each other. Therefore, you cannot access ApsaraDB RDS instances across VPCs or regions by default. If your application needs to access an ApsaraDB RDS instance across VPCs or regions, perform the following steps:
Obtain the EIP of the SAE application and the CIDR block of the vSwitch.
Log on to the SAE console.
In the left-side navigation pane, click Applications. In the top navigation bar, select a region. Then, click the name of an application.
In the Application Information section of the Basic Information tab, click the name of the vSwitch field to go to the VPC console. On the vSwitch Basic Information page, copy and save the value of the IPv4 CIDR Block parameter.
In the left-side navigation pane, choose .
On the Internet NAT Gateway page, find the required NAT gateway, and copy and save the value that is displayed in the Elastic IP Address column.
Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
In the left-side navigation pane, click Whitelist and SecGroup.
View the network isolation mode of the RDS instance.
NoteIf your RDS instance runs MySQL 5.1, MySQL 5.5, MySQL 5.6, or MySQL 5.7 and uses local disks, you can change the network isolation mode of the RDS instance to the enhanced whitelist mode. RDS instances that run other database engine versions use the standard whitelist mode.
Click Modify to the right of default. In the Edit Whitelist dialog box, add the IP addresses that you obtained in Step 1 to the whitelist, and click OK.
NoteYou can add up to 1,000 IP addresses or CIDR blocks to the whitelist of an instance. Separate multiple IP addresses or CIDR Blocks with commas (,) and make sure that no spaces precede or follow each comma.
You can also click Create Whitelist to create an IP address whitelist.
After you configure the settings, the application that you deployed on SAE can access the ApsaraDB RDS instance across VPCs or regions.
References
You can configure an IP address whitelist to access an ApsaraDB RDS instance. You can also configure a security group to access the ApsaraDB RDS instance. For more information, see the following topics: