- Release Notes and Announcements
- Release Notes
- Announcements
- Announcement on Some APIs with CAM Authentication Integrated
- Announcement on Some APIs with CAM Authentication Integrated
- Announcement on Change of Part of Parameters
- Announcement on Update of Database Audit Feature
- Announcement on Authentication of a Newly Added API Interface of Database Audit
- Announcement on Change of Public Network Linkage
- TDSQL-C for MySQL Audit Service Update
- Emergency Fix for Certain Monitoring Metrics
- Monitoring Metric Optimization
- Change to Database Audit Resource ID
- Ops Change
- Storage Price Adjustment Notification
- Product Introduction
- Kernel Features
- Purchase Guide
- Getting Started
- Database Audit
- Serverless Service
- Operation Guide
- Switching Cluster Page View in Console
- Database Connection
- Instance Management
- Configuration Adjustment
- Cluster Management
- Scaling Instance
- Database Proxy
- Database Proxy Overview
- Use Limits
- Database Proxy Kernel Features
- Managing Database Proxy
- Enabling Database Proxy
- Setting Database Proxy Address
- Modifying or Deleting Connection Addresses
- Viewing and Changing the Access Policy
- Rebalancing the Load
- Transaction Split Feature
- Access Mode
- Adjusting Database Proxy Configuration
- Switching Database Proxy Network
- Viewing Database Proxy Monitoring Data
- Disabling Database Proxy
- Automatic Read/Write Separation
- Connection Pool Feature
- Other Features
- Account Management
- Database Management
- Database Management Tool
- Columnar Storage Index (CSI)
- Parameter Configuration
- Multi-AZ Deployment
- Backup and Restoration
- Operation Log
- Data Migration
- Parallel Query
- Database Security and Encryption
- Monitoring and Alarms
- Basic SQL Operations
- Connecting to TDSQL-C for MySQL Through SCF
- Tag
- Practical Tutorial
- Upgrading Database Version from MySQL 5.7 to 8.0 Through DTS
- Usage Instructions for TDSQL-C MySQL
- New Version of Console
- Implementing Multiple RO Groups with Multiple Database Proxy Connection Addresses
- Strengths of Database Proxy
- Selecting Billing Mode for Storage Space
- Creating Remote Disaster Recovery by DTS
- Creating VPC for Cluster
- Data Rollback
- Solution to High CPU Utilization
- How to Authorize Sub-Users to View Monitoring Data
- White Paper
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Billing APIs
- Instance APIs
- CloseClusterPasswordComplexity
- CopyClusterPasswordComplexity
- DescribeClusterDetail
- DescribeClusterPasswordComplexity
- ModifyClusterPasswordComplexity
- OpenClusterPasswordComplexity
- UpgradeClusterVersion
- UpgradeInstance
- SetRenewFlag
- OfflineCluster
- ModifyMaintainPeriodConfig
- IsolateInstance
- IsolateCluster
- DescribeMaintainPeriod
- DescribeInstanceSpecs
- DescribeClusters
- CreateClusters
- AddInstances
- OfflineInstance
- DescribeInstanceDetail
- DescribeClusterInstanceGrps
- DescribeInstances
- ActivateInstance
- ModifyInstanceName
- ModifyClusterName
- SearchClusterTables
- SearchClusterDatabases
- RestartInstance
- Multi-AZ APIs
- Account APIs
- Audit APIs
- Database Proxy APIs
- Backup and Restoration APIs
- Parameter Management APIs
- Performance Analysis APIs
- Serverless APIs
- ResourcePackage APIs
- Other APIs
- CloseWan
- CreateClusterDatabase
- DeleteClusterDatabase
- DescribeClusterDetailDatabases
- ModifyClusterDatabase
- OpenWan
- SwitchClusterVpc
- OpenReadOnlyInstanceExclusiveAccess
- OpenClusterReadOnlyInstanceGroupAccess
- ModifyDBInstanceSecurityGroups
- DescribeProjectSecurityGroups
- DescribeDBSecurityGroups
- SwitchProxyVpc
- DescribeFlow
- DescribeZones
- ModifyVipVport
- Data Types
- Error Codes
- FAQs
- Service Agreement
- TDSQL-C Policy
- General References
- Glossary
- Contact Us
- Release Notes and Announcements
- Release Notes
- Announcements
- Announcement on Some APIs with CAM Authentication Integrated
- Announcement on Some APIs with CAM Authentication Integrated
- Announcement on Change of Part of Parameters
- Announcement on Update of Database Audit Feature
- Announcement on Authentication of a Newly Added API Interface of Database Audit
- Announcement on Change of Public Network Linkage
- TDSQL-C for MySQL Audit Service Update
- Emergency Fix for Certain Monitoring Metrics
- Monitoring Metric Optimization
- Change to Database Audit Resource ID
- Ops Change
- Storage Price Adjustment Notification
- Product Introduction
- Kernel Features
- Purchase Guide
- Getting Started
- Database Audit
- Serverless Service
- Operation Guide
- Switching Cluster Page View in Console
- Database Connection
- Instance Management
- Configuration Adjustment
- Cluster Management
- Scaling Instance
- Database Proxy
- Database Proxy Overview
- Use Limits
- Database Proxy Kernel Features
- Managing Database Proxy
- Enabling Database Proxy
- Setting Database Proxy Address
- Modifying or Deleting Connection Addresses
- Viewing and Changing the Access Policy
- Rebalancing the Load
- Transaction Split Feature
- Access Mode
- Adjusting Database Proxy Configuration
- Switching Database Proxy Network
- Viewing Database Proxy Monitoring Data
- Disabling Database Proxy
- Automatic Read/Write Separation
- Connection Pool Feature
- Other Features
- Account Management
- Database Management
- Database Management Tool
- Columnar Storage Index (CSI)
- Parameter Configuration
- Multi-AZ Deployment
- Backup and Restoration
- Operation Log
- Data Migration
- Parallel Query
- Database Security and Encryption
- Monitoring and Alarms
- Basic SQL Operations
- Connecting to TDSQL-C for MySQL Through SCF
- Tag
- Practical Tutorial
- Upgrading Database Version from MySQL 5.7 to 8.0 Through DTS
- Usage Instructions for TDSQL-C MySQL
- New Version of Console
- Implementing Multiple RO Groups with Multiple Database Proxy Connection Addresses
- Strengths of Database Proxy
- Selecting Billing Mode for Storage Space
- Creating Remote Disaster Recovery by DTS
- Creating VPC for Cluster
- Data Rollback
- Solution to High CPU Utilization
- How to Authorize Sub-Users to View Monitoring Data
- White Paper
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Billing APIs
- Instance APIs
- CloseClusterPasswordComplexity
- CopyClusterPasswordComplexity
- DescribeClusterDetail
- DescribeClusterPasswordComplexity
- ModifyClusterPasswordComplexity
- OpenClusterPasswordComplexity
- UpgradeClusterVersion
- UpgradeInstance
- SetRenewFlag
- OfflineCluster
- ModifyMaintainPeriodConfig
- IsolateInstance
- IsolateCluster
- DescribeMaintainPeriod
- DescribeInstanceSpecs
- DescribeClusters
- CreateClusters
- AddInstances
- OfflineInstance
- DescribeInstanceDetail
- DescribeClusterInstanceGrps
- DescribeInstances
- ActivateInstance
- ModifyInstanceName
- ModifyClusterName
- SearchClusterTables
- SearchClusterDatabases
- RestartInstance
- Multi-AZ APIs
- Account APIs
- Audit APIs
- Database Proxy APIs
- Backup and Restoration APIs
- Parameter Management APIs
- Performance Analysis APIs
- Serverless APIs
- ResourcePackage APIs
- Other APIs
- CloseWan
- CreateClusterDatabase
- DeleteClusterDatabase
- DescribeClusterDetailDatabases
- ModifyClusterDatabase
- OpenWan
- SwitchClusterVpc
- OpenReadOnlyInstanceExclusiveAccess
- OpenClusterReadOnlyInstanceGroupAccess
- ModifyDBInstanceSecurityGroups
- DescribeProjectSecurityGroups
- DescribeDBSecurityGroups
- SwitchProxyVpc
- DescribeFlow
- DescribeZones
- ModifyVipVport
- Data Types
- Error Codes
- FAQs
- Service Agreement
- TDSQL-C Policy
- General References
- Glossary
- Contact Us
In addition to the private network access, you can also connect to TDSQL-C for MySQL by using the system-assigned domain name and port after enabling the public network access. It takes about five minutes for the configuration to take effect. Note that the public network access should be used only for database development or management. For business access, you should use the private network access.
This document describes how to enable/disable public read-write and read-only addresses of a cluster in the console.
Note:
Faults arising from the public network access will not be included in the overall availability calculation for the TDSQL-C MySQL service.
Enabling public network access for TDSQL-C for MySQL can reduce the security of the instance. It is recommended solely for management, testing, or database management. No availability SLA guarantees are provided for such configurations. For operational access, utilize private network connections.
After TDSQL-C for MySQL public network access is enabled, it will be controlled by the network access policies in the security group. You need to configure the corresponding policies in advance.
Currently, the public network access feature is free of charge, but the stability of the public network bandwidth and traffic cannot be guaranteed.
The Enable button will be displayed for the public read-only address in the Connection Info section on the Cluster Details page only if there are read-only instances in your cluster.
We recommend utilizing public domain names instead of IP addresses for access. Because the adjustment in database instance specification, the reactivation of public network access, and the network upgrade may lead to changes in the public IP addresses. Accessing via public domain names ensures minimal impact on your operations, without need of application modification.
Overview
A TDSQL-C for MySQL cluster contains read-write and read-only instances. They support both private and public network addresses, with the former enabled by default for you to access your instance over the private network and the latter enabled or disabled as needed. Note that the latter is automatically assigned by the system and cannot be customized currently.
Precautions
Currently, after public network address is enabled for TDSQL-C for MySQL, it adopts a Cloud Load Balancer (CLB) architecture. The system will automatically create a basic CLB instance in the same region in the CLB console to provide public network capabilities. The CLB architecture offers detailed resource restriction policies (as shown in the table below). If you have higher performance requirements, you can also directly purchase a CLB instance.
Category | Number of Concurrent Connections | New Connections | Packet Volume | Inbound Bandwidth | Outbound Bandwidth |
CLB | 2000 | 200/s | Unlimited | 20 Mbps | 20 Mbps |
Note:
A CLB instance is automatically created due to the enabling of a public network address. You can try it for free.
After the public network address is disabled, the corresponding CLB instance will be automatically deleted.
Commencing from mid-May 2024, the CLB health check source IP will be within the 100.64.0.0/10 subnet. Upon enabling public network access, if your simplified CLB instance displays an abnormal health status, you may rectify this issue by allowing the 100.64.0.0/10 subnet through the security group configuration for TDSQL-C for MySQL. This action aims to resolve failures in health checks that lead to the abnormal display of the CLB instance's health status. For guidance on this operation, see Modifying or Adding Security Group Rules.
To configure monitoring alerts for the aforementioned basic load balancer instance, it is essential to monitor public network connections through metrics such as the number of new public network connections, current public network connections, outbound public network bandwidth, and inbound public network bandwidth, especially after enabling an external network address. For the operational steps, please refer to Setting Alerts. Select the policy type as illustrated below.
Supported Regions and Instance Types
Clusters in Guangzhou, Shanghai, Beijing, Chengdu, Chongqing, Nanjing, Hong Kong (China), Singapore, Seoul, Tokyo, Silicon Valley, Frankfurt, and Virginia regions will support the enabling of public network addresses. The availability is progressively being rolled out. Refer to the supported regions already opened in the console.
The clusters in the instance form of pre-configured resources and Serverless support the enabling of public network addresses for read-write or read-only instances within the cluster. Once enabled, you can access the respective instances via their public network addresses.
Enabling the public read-write/read-only addresses of a cluster
On the cluster management page, proceed according to the actually used view mode:
1. Log in to the TDSQL-C for MySQL console, and click the target cluster in the cluster list on the left to enter the cluster management page.
2. Under Cluster Details, locate the instance for which you need to enable public network access. Hover your mouse over the public network section of the read/write or read-only address, where the word "Enable" will appear. Click Enable.
3. After you click Enable, the system will perform operations based on the instance's bound security group situation in several scenarios.
Scenario 1: The port is not opened in the current security group configuration.
To enable public network access, you need to click Authorize and Create (the system will request your authorization to automatically bind a security group that allows the internal network port for this cluster (current port: 3306) to facilitate your public network connection. Subsequently, you may access the security group interface for further settings or to bind a new security group).
Note:
Enabling the public network requires the internal network policy of the security group to be opened for access. If your current security group configuration does not allow the port, to ensure connection success, the system will automatically open the port policy for this cluster and allow 0.0.0.0/0 and ::/0 access. For network security, we recommend that you manually modify it to the fixed IP access later.
After enabling, you can access TDSQL-C for MySQL through a system-assigned domain name and port in the public network. The effective time is about 5 minutes.
Public network access is solely for developing or assisting in database management. For business access, use internal network access.
Scenario 2: The port is opened in the current security group configuration.
In the pop-up window, read the prompt and click OK to enable public network.
4. Once the network is successfully enabled, you can view the public network's host and port at the public network address under connection information. The public network host and port cannot be modified.
1. Log in to the TDSQL-C for MySQL console and click the ID of the target cluster in the cluster list to enter the cluster management page.
2. On the Instance List tab page of the cluster management page, select the instance (read/write instance or read-only instance) to be enabled for public network, click its Instance ID or Manage in the Operation column to enter the instance details page.
3. On the instance details page, choose Connection Info > Public Network Address, and then click Enable.
4. After you click Enable, the system will perform operations based on the instance's bound security group situation in several scenarios.
Scenario 1: The port is not opened in the current security group configuration.
To enable public network access, you need to click Authorize and Create (the system will request your authorization to automatically bind a security group that allows the internal network port for this cluster (current port: 3306) to facilitate your public network connection. Subsequently, you may access the security group interface for further settings or to bind a new security group).
Note:
Enabling the public network requires the internal network policy of the security group to be opened for access. If your current security group configuration does not allow the port, to ensure connection success, the system will automatically open the port policy for this cluster and allow 0.0.0.0/0 and ::/0 access. For network security, we recommend that you manually modify it to the fixed IP access later.
After enabling, you can access TDSQL-C for MySQL through a system-assigned domain name and port in the public network. The effective time is about 5 minutes.
Public network access is solely for developing or assisting in database management. For business access, use internal network access.
Scenario 2: The port is opened in the current security group configuration.
In the pop-up window, read the prompt and click OK to enable public network.
5. Once the network is successfully enabled, you can view the public network's host and port at the public network address under connection information. The public network host and port cannot be modified.
Disabling the public read-write/read-only addresses of a cluster
Note:
After the public network address is disabled, you will no longer be able to access the TDSQL-C for MySQL cluster through the public network domain name and port. Ensure your system does not use a public network access address to avoid unnecessary losses.
On the cluster management page, proceed according to the actually used view mode:
1. Log in to the TDSQL-C for MySQL console, and click the target cluster in the cluster list on the left to enter the cluster management page.
2. Under Cluster Details, locate the instance for which you want to enable the public network and click Disable next to the read-write/read-only address.
3. In the pop-up window, confirm that everything is correct and click OK.
1. Log in to the TDSQL-C for MySQL console and click the ID of the target cluster in the cluster list to enter the cluster management page.
2. On the Instance List tab page of the cluster management page, select the instance (read/write instance or read-only instance) to be enabled for public network, click its Instance ID or Manage in the Operation column to enter the instance details page.
3. On the instance details page, choose Connection Info > Public Network Address, and then click Disable .
4. In the pop-up window, confirm that everything is correct and click OK.
Yes
No
Was this page helpful?