Add an IP address to the allowlist of a database instance in AWS

If you select public network as the connection type when you create a data source or data migration task with Amazon Web Services (AWS) as the cloud vendor, you need to add the IP address of the data source to the allowlist of the MySQL database instance (including Aurora MySQL, RDS MySQL, and self-managed MySQL), the Oracle database instance (including RDS Oracle and self-managed Oracle), the self-managed OceanBase database instance, and the Kafka instance (including cloud instance Kafka and self-managed Kafka). This ensures that the data source can be accessed.

Obtain the IP address to be added to the allowlist

1. Log in to the OceanBase Cloud console.

2. Access the Create Data Source page.

   Here takes the procedure on the Create Data Source page as an example. You can also click Data Services > Migrations > Migrate Data, and obtain the IP address to be added to the allowlist from the Create Task page.

   1. In the left-side navigation pane, click Data Services > Data Sources.

   2. On the Data Sources page, click Create Data Source in the upper-right corner and select the data source type.

3. On the Create Data Source page, select AWS for Cloud Vendor, Public IP for Connection Method, and the instance type as needed.

4. Copy the IP address displayed below the Connection Information text box.

   Note

   The selected region must be the same as the region where the AWS instance is located.

   

Add an IP address to the allowlist of an Aurora MySQL instance or an RDS for MySQL/Oracle instance

1. Access the Security Groups page.

   1. Log in to the Amazon RDS console and go to the Databases page.

   2. Click the database ID of the target database instance.

      

   3. On the Connectivity & security tab, click the virtual private cloud (VPC) security group in the Security section.

      • VPC security group of an Aurora MySQL instance

        

      • VPC security group of an RDS for MySQL/Oracle instance

        

2. On the Security Groups page, click the ID of the target security group to go to its details page.

   

3. In the Inbound rules section, click Edit inbound rules in the upper-right corner.

   

4. On the Edit inbound rules page, click Add rule and configure the parameters.

   

   Parameter	Description
   Type	The rule type. Select Custom TCP.
   Protocol	The protocol type. The default value is TCP.
   Port range	Enter 3306.
   Source	Enter the IP address copied on the page for creating a data source or data migration task.
   Description - optional	The description of the rule to be added.

5. Click Save rules.

Add an IP address to the allowlist of a cloud Kafka instance

1. Go to the Security Group page.

   1. Log in to the Amazon MSK console.

   2. On the Clusters page, click the name of the target cluster to go to the details page.

      

   3. Click the Attributes tab. In the Networking settings section, click the ID of the applied security group to go to the VPC Console > Security Group page.

      

2. In the Inbound rules section of the security group details page, click Edit inbound rules in the upper-right corner.

   

3. On the Edit inbound rules page, click Add rule and configure the parameters.

   

   Parameter	Description
   Type	The rule type. Select Custom TCP.
   Protocol	The protocol type. The default value is TCP.
   Port range	Enter port 9092.
   Source	Enter the IP address that you copied from the page for creating a data source or data migration task.
   Description (optional)	The description of the rule.

4. Click Save rule.

Add an IP address to the allowlist of a self-managed MySQL/Oracle/OceanBase/Kafka instance

1. Access the Security Groups page.

   1. Log in to the Amazon Elastic Compute Cloud (EC2) console and go to the Instances page.

   2. On the Instances page, click the ID of the self-managed MySQL/Oracle/OceanBase Database instance you created.

      

   3. On the details page of the target instance, click the security group name on the Security tab to go to the details page of the security group.

      

2. In the Inbound rules section of the security group details page, click Edit inbound rules in the upper-right corner.

   

3. On the Edit inbound rules page, click Add rule and configure the parameters.

   

   Parameter	Description
   Type	The rule type. Select Custom TCP.
   Protocol	The protocol type. The default value is TCP.
   Port range	Enter 3306.
   Source	Enter the IP address copied on the page for creating a data source or data migration task.
   Description - optional	The description of the rule to be added.

4. Click Save rules.