Add an IP address to the allowlist of a database instance in Alibaba Cloud

If you select public network as the connection type when you create a data source or data migration task with Alibaba Cloud as the cloud vendor, you need to add the IP address of the data source to the allowlist of the MySQL database instance (including RDS MySQL, PolarDB MySQL, and self-managed MySQL), self-managed Oracle database instance, self-managed OceanBase database instance, Kafka instance (including cloud instance Kafka and self-managed Kafka), PostgreSQL database instance (including RDS PostgreSQL and self-managed PostgreSQL), self-managed TiDB database instance, Alibaba Cloud HBase database instance, and Alibaba Cloud Lindorm database instance. This ensures that the data source can be accessed.

Obtain the IP address to be added to the allowlist

1. Log in to the OceanBase Cloud console.

2. Access the Create Data Source page.

   Here takes the procedure on the Create Data Source page as an example. You can also click Data Services > Migrations > Migrate Data, and obtain the IP address to be added to the allowlist from the Create Task page.

   1. In the left-side navigation pane, click Data Services > Data Sources.

   2. On the Data Sources page, click Create Data Source in the upper-right corner and select the data source type.

3. On the Create Data Source page, select Alibaba Cloud for Cloud Vendor, Public IP for Connection Method, and the instance type as needed.

4. Copy the IP address displayed below the Connection Information text box.

   Note

   The region selected here must be the same as the region where the Alibaba Cloud instance is located.

Add an IP address to the allowlist of an RDS for MySQL/PostgreSQL instance

1. Log in to the ApsaraDB RDS console and go to the Instances page.

2. In the upper part of the page, select the region where the target instance is located.

3. Click the name of the target instance to go to its Basic Information page.

4. In the left-side navigation pane, click Whitelist and SecGroup.

5. On the Whitelist Settings tab, click Create Whitelist.

   To add the IP address to an existing allowlist, click Modify next to the target allowlist.

   

6. In the Create Whitelist dialog box, specify Whitelist Name and IP Addresses.

   To modify an existing allowlist, you need to specify IP Addresses only. Enter the IP address copied on the page for creating a data source or data migration task.

7. Click OK.

Add an IP address to the allowlist of a PolarDB for MySQL instance

1. Log in to the PolarDB console and go to the Clusters page.

2. In the upper part of the page, select the region where the target cluster is located.

3. Click the name of the target cluster to go to its Basic Information page.

4. In the left-side navigation pane, select Settings and Management > Cluster Whitelists.

5. In the IP Whitelists section, click Add IP Whitelist.

   To add the IP address to an existing allowlist, click Configure next to the target allowlist.

   

6. In the Add IP Whitelist dialog box, specify Whitelist Name and IP Addresses in Whitelist.

   To modify an existing allowlist, you need to specify only IP Addresses in Whitelist in the Modify Whitelist dialog box. Enter the IP address copied on the page for creating a data source or data migration task.

7. Click OK.

Add an IP address to the allowlist of a cloud Kafka instance

1. Log in to the Kafka console and go to the Instances page.

2. In the upper part of the page, select the region where the target instance is located.

3. Click the name of the target instance to go to the Instance Details page.

4. In the left-side navigation pane, click Whitelist Management.

5. On the Whitelist tab, click Create Whitelist.

   If you want to add an IP address to an existing allowlist, click Modify next to the target allowlist.

   

6. In the Create Whitelist dialog box, specify the allowlist name and the IP address.

   If you want to modify an allowlist, specify only the IP address. This IP address is the IP address that you copied on the page for creating a data source or data migration task.

7. After you create an allowlist, click OK.

   If you want to modify an allowlist, click Modify.

Add an IP address to the allowlist of a self-managed MySQL/Oracle/OceanBase/Kafka/PostgreSQL/TiDB instance

1. Log in to the ECS console and go to the Security Groups page.

2. In the upper part of the page, select the region where the target security group is located.

3. Click the name of the target security group to go to its Security Group Details page.

4. On the Inbound tab in the Access Rule section, click Quick Add.

   You can also click Add Rule to manually add information such as Port Range and Authorization Object.

   

5. In the Quick Add dialog box, enter the IP address copied on the page for creating a data source or data migration task in Authorization Object and specify Port Range.

6. Click OK.

Add an Alibaba Cloud HBase instance to the allowlist

1. Log in to the HBase console.

2. Select the region where the target instance is located at the top of the page.

3. In the instance list, find the target instance and click its ID.

4. In the left-side navigation pane, click Access Control.

5. On the Allowlist Settings tab, click Modify Group Allowlist.

6. In the Modify Group Allowlist dialog box, enter the IP address or IP range to be accessed and click OK.

   Note

   • The default allowlist contains only the default IP address 127.0.0.1, which means no device can access the instance.
   • 0.0.0.0/0 and empty mean no IP access restrictions are set. This poses a high security risk to the database. Entering the IP address 0.0.0.0 or the IP range 0.0.0.0/0 is prohibited.
   • If accessing the cluster from the public network, enter the public IP address. If accessing the cluster from a local device, you can search for the public IP address in a search engine.

Add an Alibaba Cloud Lindorm instance to the allowlist

1. Log in to the Lindorm console.

2. Select the region where the target instance is located at the top of the page.

3. On the instance list page, click the target instance ID or the Manage button in the Actions column of the target instance row.

4. In the left-side navigation pane, click Access Control.

5. Click Create Group Allowlist.

6. In the Create Group Allowlist dialog box, set the Group Name and Allowlist within the group.

   Note

   • The group name supports only English letters, numbers, and underscores.
   • The following IP address or IP range formats are supported.
     • A single IP address, for example: 192.0.XX.XX.
     • IP ranges support CIDR notation, which stands for Classless Inter-Domain Routing. For example: 192.0.XX.XX/24, where /24 indicates the prefix length of the address, with a range of [1, 32].
   • Multiple IP addresses or IP ranges are separated by commas (,).
   • Setting the IP address to 127.0.0.1 prohibits access to the Lindorm instance from all IP addresses.

7. Click OK.