This page introduces the procedure for setting allowlists. Allowlists can be instance-level or tenant-level. After you add an IP address to an allowlist, the address can access the corresponding tenant or instance.
Background information
IP allowlist groups for instances
OceanBase Cloud supports adding IP allowlist groups to instances. By default, one IP allowlist group cannot be deleted. Before you connect to an instance for the first time, you must set an IP allowlist for the instance so that you can connect to and use it. You can add up to 10 IP allowlist groups. The names of IP allowlist groups cannot be duplicated, and groups cannot be empty. Each IP allowlist group can contain up to 40 allowlists. You can set IP allowlist groups to provide access security for instances. We recommend that you regularly maintain IP allowlist groups.
IP allowlist groups for tenants
OceanBase Cloud supports adding IP allowlist groups to tenants. This allows you to specify which IP addresses are allowed to access the current tenant. You can add up to 10 IP allowlist groups. The names of IP allowlist groups cannot be duplicated, and groups cannot be empty. Each IP allowlist group can contain up to 40 allowlists.
Note
If you choose Tencent Cloud or Huawei Cloud as the cloud service provider and connect to the database over the private network, you cannot use the OceanBase Cloud tenant allowlist feature to control access. If you need to control access, use the security group feature provided by the cloud service provider on your endpoint.
Procedure
Log in to the OceanBase Cloud console.
In the left-side navigation pane, click Instances to find your target instance and go to the Overview page.
In the left-side navigation pane, click Security.
On the security settings page, click Add Allowlist.
Specify Group Name and IP Address.
Parameter descriptions:
Group Name: The name must start with a lowercase English letter and end with a lowercase English letter or a digit. It can only contain lowercase English letters, digits, and underscores. It must be 2 to 32 characters in length.
IP Address:
- You can enter an IP address (for example, xxx.xxx.x.x) or an IP range (for example, xxx.xxx.xxx.xxx/24).
- Separate multiple IP addresses with commas (for example, xxx.xxx.x.x,xxx.xxx.xxx.xxx/24).
- 0.0.0.0 indicates that all IP addresses can access directly without any restrictions.
- You can set up to 40 allowlists.
Click OK.
After the allowlist is added, click the edit icon in the allowlist group to add or delete allowlists. To delete an allowlist group, click the delete icon.
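The Group Name and IP Address rules given above for the instance allowlist can be checked before a change is entered in the console. The following Python function is an added example, not OceanBase code; the name `check_allowlist`, the IPv4-only parsing, and the /16 review threshold are assumptions made here, and the sample addresses in the usage note are constructed.

```python
import ipaddress
import re

# Group Name rule from this page: 2 to 32 characters, starts with a lowercase
# letter, ends with a lowercase letter or digit, only [a-z0-9_] in between.
GROUP_NAME_RE = re.compile(r"[a-z][a-z0-9_]{0,30}[a-z0-9]")
MAX_ENTRIES = 40    # "You can set up to 40 allowlists."
BROAD_PREFIX = 16   # assumption: ranges wider than /16 are flagged for review


def check_allowlist(group_name, ip_field):
    """Return (errors, warnings) for one allowlist group before submission."""
    errors, warnings = [], []
    if not GROUP_NAME_RE.fullmatch(group_name):
        errors.append(f"invalid group name: {group_name!r}")

    # The page specifies commas as the separator between addresses.
    entries = [e.strip() for e in ip_field.split(",")]
    if len(entries) > MAX_ENTRIES:
        errors.append(f"{len(entries)} entries exceeds the limit of {MAX_ENTRIES}")

    seen = set()
    for entry in entries:
        if entry == "0.0.0.0":
            # Per the page, this value lets every IP address reach the instance.
            warnings.append("0.0.0.0 allows all IP addresses")
            continue
        try:
            # Assumption: IPv4 only. strict=False resolves an entry such as
            # 10.1.2.3/24 to the range it actually covers (10.1.2.0/24).
            net = ipaddress.IPv4Network(entry, strict=False)
        except ValueError:
            errors.append(f"not an IPv4 address or range: {entry!r}")
            continue
        if net in seen:
            warnings.append(f"duplicate entry: {entry}")
        seen.add(net)
        if net.prefixlen < BROAD_PREFIX:
            warnings.append(f"{entry} covers {net.num_addresses} addresses")
    return errors, warnings
```

For example, `check_allowlist("app_servers1", "192.0.2.10,198.51.100.0/24")` returns no errors and no warnings, while an entry of `10.0.0.0/8` produces a warning that it covers 16777216 addresses.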
Log in to the OceanBase Cloud console.
In the left-side navigation pane, click Instances to find your target instance and go to the Overview page.
In the left-side navigation pane, click Tenants to go to the tenant list page. Click the target tenant to go to the Overview page.
In the left-side navigation pane, click Security.
On the security settings page, you can add an allowlist or a security group.
- An allowlist allows only the specified IP addresses to access the database.
- A security group allows you to associate an Alibaba Cloud Elastic Compute Service (ECS) security group with an OceanBase Cloud instance. All ECS instances in the associated ECS security group can access the OceanBase Cloud instance.
Configure an allowlist.
Click Allowlists to go to the allowlist tab.
Click Add Allowlist.
Specify Group Name and IP Address, and then click OK.
Parameter descriptions:
Group Name: The name must start with a lowercase English letter and end with a lowercase English letter or a digit. It can only contain lowercase English letters, digits, and underscores. It must be 2 to 32 characters in length.
IP Address:
- You can enter an IP address (for example, xxx.xxx.x.x) or an IP range (for example, xxx.xxx.xxx.xxx/24).
- Separate multiple IP addresses with commas (for example, xxx.xxx.x.x,xxx.xxx.xxx.xxx/24).
- xxx.xxx.xxx.xxx indicates that access is blocked for all IP addresses.
- You can set up to 40 allowlists.
After the allowlist is added, click the edit icon in the allowlist group to add or delete allowlists. To delete an allowlist group, click the delete icon.
Configure a security group.
Note
A security group applies only to private connections. Configuration changes, such as adding or deleting a security group or changing the machines in a security group, take about 5 minutes to take effect.
Click Security Groups to go to the security group tab.
Click Associate Security Groups.
In the dialog box that appears, select the target security group and click OK.
After the security group is added, you can click the delete icon next to the target security group in the security group tab to delete the security group.