All Products
Search

This Product

    Serverless App Engine:Configure a whitelist for an Tair (Redis OSS-Compatible) instance

    Document Center

    Serverless App Engine:Configure a whitelist for an Tair (Redis OSS-Compatible) instance

    Last Updated:Nov 19, 2024

    If an application that is hosted on Serverless App Engine (SAE) needs to access an Tair (Redis OSS-compatible) instance, you must configure a whitelist for the Tair (Redis OSS-compatible) instance. This topic describes how to configure a whitelist for a Tair (Redis OSS-compatible) instance in different scenarios.

    Scenario 1: An application accesses a Tair (Redis OSS-compatible) instance in the same virtual private cloud (VPC)

    1. Obtain the IP addresses of the VPC and vSwitch of the SAE application.

      1. Log on to the SAE console.

      2. In the left-side navigation pane, click Applications. In the top navigation bar, select a region. Then, click the name of an application.

      3. Obtain the IP addresses.

        • VPC: In the Application Information section of the Basic Information tab, click the name of the VPC field to go to the VPC console. On the Information tab, copy and save the value of the IPv4 CIDR Block parameter.

        • vSwitch: In the Application Information section of the Basic Information tab, click the name of the vSwitch field to go to the VPC console. On the vSwitch Basic Information page, copy and save the value of the IPv4 CIDR Block parameter.

    2. Log on to the console and go to the Instances page. In the top navigation bar, select the region in which the instance is deployed. Then, find the instance and click its ID.

    3. In the left-side navigation pane, click Whitelist Settings.

    4. Find the default whitelist and click Modify.

      Note

      You can also click Whitelist to create a whitelist. The name of a whitelist must be 2 to 32 characters in length and can contain lowercase letters, digits, and underscores (_). It must start with a lowercase letter and end with a lowercase letter or digit.

    5. In the Edit Whitelist dialog box, add the IP addresses that you obtained in Step 1 to the whitelist, and click OK. db_configure_a_whitelist_for_redis_instances

      Note

      You can add up to 1,000 IP addresses or CIDR blocks to the whitelist of an instance. Separate multiple IP addresses or CIDR Blocks with commas (,) and make sure that no spaces precede or follow each comma.

      After you configure the settings, the application that you deployed on SAE can access the Tair (Redis OSS-compatible) instance in the same VPC.

    Scenario 2: An application accesses a Tair (Redis OSS-compatible) instance across VPCs or regions

    VPCs or regions are logically isolated from each other. Therefore, you cannot access Tair (Redis OSS-compatible) instances across VPCs or regions by default. If your application needs to access a Tair (Redis OSS-compatible) instance across VPCs or regions, perform the following steps:

    1. Before you configure a whitelist, make sure that the following prerequisites are met:

      A service bundle that consists of an Internet NAT gateway and an elastic IP address (EIP) is purchased, and Internet access is enabled for the SAE application. For more information, see Configure a NAT gateway for an SAE application to enable Internet access.

    2. Obtain the EIP of the SAE application and the CIDR block of the vSwitch.

      1. Log on to the SAE console.

      2. In the left-side navigation pane, click Applications. In the top navigation bar, select a region. Then, click the name of an application.

      3. In the Application Information section of the Basic Information tab, click the name of the vSwitch field to go to the VPC console. On the vSwitch Basic Information page, copy and save the value of the IPv4 CIDR Block parameter.

      4. In the left-side navigation pane, choose NAT Gateway > Internet NAT Gateway.

      5. On the Internet NAT Gateway page, find the required NAT gateway, and copy and save the value that is displayed in the Elastic IP Address column.

    3. Log on to the console and go to the Instances page. In the top navigation bar, select the region in which the instance is deployed. Then, find the instance and click its ID.

    4. In the left-side navigation pane, click Whitelist Settings.

    5. Find the default whitelist and click Modify.

      Note

      You can also click Add Whitelist to create a whitelist. The name of a whitelist must be 2 to 32 characters in length and can contain lowercase letters, digits, and underscores (_). It must start with a lowercase letter and end with a lowercase letter or digit.

    6. In the Edit Whitelist dialog box, add the IP addresses that you obtained in Step 2 to the whitelist, and click OK. db_configure_a_whitelist_for_redis_instances_cross_vpc_or_region

      Note

      You can add up to 1,000 IP addresses or CIDR blocks to the whitelist of an instance. Separate multiple IP addresses or CIDR Blocks with commas (,) and make sure that no spaces precede or follow each comma.

      After you configure the settings, the application that you deployed on SAE can access the Tair (Redis OSS-compatible) instance across VPCs or regions.

    References

    You can configure an IP address whitelist to access a Tair (Redis OSS-compatible) instance. You can also configure a security group to access the Tair (Redis OSS-compatible) instance. For more information, see the "Method 2: Add ECS security groups as whitelists" section in Configure whitelists.