All Products
Search
Document Center

ApsaraDB for SelectDB:Configure an IP address whitelist

Last Updated:Dec 17, 2024

To ensure the security and stability of ApsaraDB for SelectDB instances, the system rejects requests from all IP addresses to access ApsaraDB for SelectDB instances by default. Before you use an ApsaraDB for SelectDB instance, you must add the IP addresses or CIDR blocks from which access requests are to be sent to an IP address whitelist of the ApsaraDB for SelectDB instance.

Usage notes

  • The IP addresses in an IP address whitelist are allowed to access your ApsaraDB for SelectDB instance. To protect your ApsaraDB for SelectDB instance at a higher level, we recommend that you maintain the IP address whitelists of your instance on a regular basis.

  • The default IP address whitelist cannot be deleted. You can only modify IP addresses in the whitelist or remove IP addresses from the whitelist. The default IP address whitelist initially contains only the IP address 127.0.0.1.

  • Take note of the following limits:

    • The IP address whitelists of an ApsaraDB for SelectDB instance can contain up to 200 IP addresses or CIDR blocks.

    • Each IP address whitelist can contain up to 50 IP addresses or CIDR blocks.

  • After you add IP addresses or CIDR blocks to an IP address whitelist, remove IP addresses or CIDR blocks from an IP address whitelist, or modify IP addresses or CIDR blocks in an IP address whitelist, it takes about 1 minute for the whitelist to take effect.

Important

If you add 0.0.0.0/0 to an IP address whitelist of an ApsaraDB for SelectDB instance, all IP addresses are allowed to access the instance. This operation poses high security risks and may cause unauthorized access. Proceed with caution.

After you configure an IP address whitelist for your ApsaraDB for SelectDB instance, you can use related ApsaraDB for SelectDB API operations. For more information, see OPENAPI OVERVIEW.

Impact of an IP address whitelist on ApsaraDB for SelectDB instances

When you configure an IP address whitelist for an ApsaraDB for SelectDB instance, the instance runs as expected.

Procedure

  1. Log on to the ApsaraDB for SelectDB console.

  2. In the top navigation bar, select the region in which your ApsaraDB for SelectDB instance resides.

  3. On the Instances page, find the instance that you want to manage and click the instance ID.

  4. On the Instance Details page, click Data Security in the left-side navigation pane.

  5. On the page that appears, find the IP address whitelist named default and click Modify in the Actions column.

    Note

    You can also click Create Whitelist. In the panel that appears, configure the Whitelist Name and Whitelist parameters.

  6. In the panel that appears, add IP addresses or CIDR blocks to the whitelist.

  7. Click OK.

    After the IP addresses or CIDR blocks are added to the whitelist, you can view the IP addresses or CIDR blocks that you added on the Data Security page.

What to do next