Tair (Redis OSS-compatible) (Redis-compatible) instances support password-free access in a VPC. With this feature enabled, clients in the same VPC can connect without a password. Password-based connections remain supported.
Prerequisites
The instance must be in a VPC.
Usage notes
-
Password-free connections use the default account, which shares the instance ID as its name (for example, r-bp1zxszhcgatnx****) and has read/write permissions.
-
If multiple VPCs are connected through CEN, this feature treats them as a single VPC.
-
Public-endpoint connections still require password authentication, even with password-free access enabled.
Procedure
Log on to the console and go to the Instances page. In the top navigation bar, select the region in which the instance that you want to manage resides. Then, find the instance and click the instance ID.
-
In the Connection Information section, click Enable Password-free Access.
-
In the right-side panel, read the instructions and click OK.
Refresh the page. The feature is enabled when the Enable Password-free Access button changes to Disable Password-free Access.
-
For a cloud-native instance, add the IP addresses of same-VPC clients to the allowlist before using password-free access.
For a classic instance, allowlist configuration is not required. Control this behavior for classic instances with the
#no_loose_check-whitelist-alwaysparameter:-
By default, the
#no_loose_check-whitelist-alwaysparameter is set tono, which allows same-VPC clients to connect to the Tair instance without allowlist entries. Open source Redis configuration parameters. -
In some cases, before changing the configuration of an instance with password-free access enabled, add the VPC CIDR block to the allowlist and set
no_loose_check-whitelist-alwaystoyes. Otherwise, connections may fail after the change.
NoteCloud-native instances do not support the
#no_loose_check-whitelist-alwaysparameter. -
Connection examples
These examples show how to connect after enabling password-free access.
Obtain the endpoint and password for an instance from View endpoints.
Connect with redis-cli
redis-cli -h host -p port
// Example: redis-cli -h r-bp10noxlhcoim2****.redis.rds.aliyuncs.com -p 6379Connect with Jedis
JedisPoolConfig config = new JedisPoolConfig();
// The maximum number of idle connections. Evaluate this value based on your business requirements. It cannot exceed the maximum number of connections for the instance.
config.setMaxIdle(100);
// The maximum number of connections. Evaluate this value based on your business requirements. It cannot exceed the maximum number of connections for the instance.
config.setMaxTotal(200);
config.setTestOnBorrow(false);
config.setTestOnReturn(false);
// Replace the host and port values with the endpoint and port of your instance. The password parameter is not required.
String host = "r-bp10noxlhcoim2****.redis.rds.aliyuncs.com";
int port = 6379;
JedisPool pool = new JedisPool(config, host, port);
Jedis jedis = null;
try
{
jedis = pool.getResource();
/// ... do stuff here ... for example
jedis.set("foo", "bar");
System.out.println(jedis.get("foo"));
jedis.zadd("sose", 0, "car");
jedis.zadd("sose", 0, "bike");
System.out.println(jedis.zrange("sose", 0, -1));
}
finally
{
if(jedis != null)
{
// You must call close() after each API call. This returns the connection to the pool, but does not destroy it.
jedis.close();
}
}
// Call this method only once when the application exits.
pool.destroy();Related operations
To disable this feature, click the Disable Password-free Access button.
If you disable this feature, clients using password-free access can no longer connect to the instance.
Reconfigure your clients for password-based authentication before disabling this feature.
Related APIs
|
API |
Description |
|
Enables or disables password-free access in a VPC. |
FAQ
-
Q: After I enable password-free access, why do I still receive the
WRONGPASS invalid username-password pairerror?A: On an open source Redis 6.0 instance with password-free access, this error occurs when you provide incorrect credentials. Reconnect with the correct username and password, or with no credentials.
NotePassword format:
-
For the default account (the account name is the same as the instance ID): Enter only the password.
-
For a new account: Use the
<user>:<password>format, for example,testaccount:Rp829dlwa.
-
Why is the
(error) ERR illegal addresserror reported when I use a client to connect to a Tair instance for which password-free access is enabled?The IP address of the client is not added to a whitelist of the instance. You can add the IP address of the client to a whitelist of the instance and try again.