IP Whitelist for Services

Access to MariaDB SkySQL services is restricted to whitelisted IP addresses. The IP whitelist for services is managed via the SkySQL Portal.

A separate IP whitelist is maintained for access to SkySQL Monitoring and Workload Analysis.

Default

The IP whitelist for services includes no default entries. You must whitelist specific IP addresses or netblocks to permit access to services.

Adding an IP Address

Database services deployed on MariaDB SkySQL are protected by a firewall. To access these services through user accounts, you must whitelist the IP address of the system connecting to the service.

Addresses can be added to the whitelist at any time after the database service has been created, even while it is still in "Pending" status.

Service IP whitelists are managed on a per-service basis.

Service IP whitelisting supports IPv4 addressing. IPv6 addresses are not supported.

Attempts to connect to a database on SkySQL from a non-whitelisted IP address will result in an error.

To add an IP address to a service's whitelist:

  1. Log in to the SkySQL Portal

  2. Click on "Your Services" in the MariaDB SkySQL main menu (left navigation) and click on the name of the desired database.

  3. Scroll to the bottom of the Service Details page and click on the pencil icon to the right of the "Whitelisted IP Addresses" heading.

  4. You can click on the "Add My IP Address" link to add your public IP address. To add other addresses, enter an IPv4 address or netblock to be whitelisted, for example 192.0.2.1/32 or 198.51.100.0/24, and click on the "Add" button.

    • Addresses must be valid IPv4 addresses.

    • When adding an IPv4 CIDR block, the start IP address of the CIDR block must be specified.

  5. Click on the "Submit" button to finalize adding the addresses and netblocks to the whitelist or on the "Cancel" button to cancel the additions.

The interface will reflect the new whitelist settings immediately, but changes may take a few minutes to propagate to your server.

Can't Connect Error

Attempts to connect to a database on SkySQL from a non-whitelisted IP address will result in an error:

$ mariadb --host example.skysql.net --port 5001 \
      --user db_user -p --ssl-ca skysql_chain.pem
ERROR 2002 (HY000): Can't connect to MySQL server on 'example.skysql.net' (115)

Deleting an IP Address from a Service's Whitelist

Database services deployed on MariaDB SkySQL are protected by a firewall. To access these services through user accounts, you must whitelist the IP address of the system connecting to the service.

Systems may change over time, as old servers are decommissioned and new servers are launched. It is best practice to periodically review the IP addresses in a whitelist. Remove any that are no longer valid or in use.

Whitelists are managed on a per database service basis.

To delete an IP address from a service's whitelist:

  1. Log in to the SkySQL Portal

  2. Click on "Your Services" in the MariaDB SkySQL main menu (left navigation) and click on the name of the desired database.

  3. Click on the pencil icon to the right of the "Whitelisted IP Addresses" heading. (You may need to scroll down the page.)

  4. Find the address that you want to remove, and click the "x" icon next to it.

  5. Click on the "Submit" button to finalize changes or on the "Cancel" button to cancel any changes. The interface will reflect the new whitelist settings immediately, but changes may take a few minutes to propagate to your server.

Modifying an IP Address in a Service's Whitelist

Database services deployed on MariaDB SkySQL are protected by a firewall. To access these services through user accounts, you must whitelist the IP address of the system connecting to the service. Addresses must be IPv4.

Whitelists are managed on a per database service basis.

Whitelist addresses can be changed any time after the database service has been created, even while it is still in "Pending" status.

To change or edit an IP address in a service's whitelist:

  1. Log in to the SkySQL Portal

  2. Click on "Your Services" in the MariaDB SkySQL main menu (left navigation) and click on the name of the desired database.

  3. Click on the pencil icon to the right of the "Whitelisted IP Addresses" heading. (You may need to scroll down the page.)

  4. Find the address you want to change, and click the pencil icon next to it.

  5. Make any necessary changes and click on the check mark icon.

    • Addresses must be valid IPv4 addresses. For example, 192.0.2.1/32 or 198.51.100.0/24.

  6. Click on the "Submit" button to finalize changes or on the "Cancel" button to cancel any changes. The interface will reflect the new whitelist settings immediately, but changes may take a few minutes to propagate to your server.

Whitelist Maintenance

Systems may change over time, as old servers are decommissioned and new servers provisioned. It is best practice to periodically review the IP addresses in a whitelist. Remove any that are no longer valid or in use.