pingcap · ti-chi-bot · Apr 29, 2026 · Apr 27, 2026 · Apr 27, 2026 · Apr 27, 2026
diff --git a/tidb-cloud/configure-serverless-firewall-rules-for-public-endpoints.md b/tidb-cloud/configure-serverless-firewall-rules-for-public-endpoints.md
@@ -45,13 +45,27 @@ To add firewall rules to a {{{ .starter }}} or {{{ .essential }}} instance, take
 
 2. In the left navigation pane, click **Settings** > **Networking**.
 
-3. On the **Networking** page, enable **Public Endpoint** if it is disabled. In **Authorized Networks**, click **+ Add Current IP**. This automatically creates a firewall rule with the public IP address of your computer, as perceived by TiDB Cloud.
+3. On the **Networking** page, enable **Public Endpoint** if it is disabled.
 
-    > **Note:**
-    >
-    > In some situations, the IP address observed by the TiDB Cloud console differs from the IP address used when accessing the internet. Therefore, you might need to change the start and end IP addresses to make the rule function as expected. You can use a search engine or other online tool to check your own IP address. For example, search for "what is my IP."
+4. (Optional) For a newly created {{{ .starter }}} or {{{ .essential }}} instance, **Allow_all_public_connections** is enabled by default. To allow access only from specified IP addresses or IP address ranges, click **...** in the row of **Allow_all_public_connections**, and then click **Delete**.
 
-4. Click **Add rule** to add more address ranges. In the displayed window, you can specify a single IP address or a range of IP addresses. If you want to limit the rule to a single IP address, type the same IP address in the **Start IP Address** and **End IP Address** fields. Opening the firewall enables administrators, users, and applications to access any database on your {{{ .starter }}} or Essential instance to which they have valid credentials. Click **Submit** to add the firewall rule.
+5. In **Authorized Networks**, click **Add rule**, and then add the IP address or IP address range that you want to allow.
+
+    - To add the current IP address of your computer, click **Add Current IP**. This automatically creates a firewall rule with the public IP address of your computer, as perceived by TiDB Cloud.
+
+        > **Note:**
+        >
+        > In some situations, the IP address perceived by the TiDB Cloud console might be different from the IP address used by your database client to connect to TiDB Cloud. Therefore, you might need to change the start and end IP addresses to make the rule work as expected. You can use a search engine or an online tool to check your public IP address. For example, search for "what is my IP."
+
+    - To enable access from all AWS IP addresses if your {{{ .starter }}} or Essential instance is hosted on AWS, click **Add AWS Access**. This automatically creates a firewall rule for all AWS IP addresses. TiDB Cloud uses the reserved IP address **169.254.65.87** to represent all AWS IP addresses and regularly updates this list according to the official [AWS IP address list](https://docs.aws.amazon.com/vpc/latest/userguide/aws-ip-ranges.html).
+
+    - To add more address ranges, specify a single IP address or a range of IP addresses. To limit the rule to a single IP address, enter the same IP address in the **Start IP Address** and **End IP Address** fields.
+
+        >**Note:**
+        >
+        > Opening the firewall enables administrators, users, and applications from the specified IP addresses or IP address ranges to access any database on your {{{ .starter }}} or Essential instance to which they have valid credentials.
+
+6. Click **Save**.
 
 ## What's next
 

diff --git a/tidb-cloud/migrate-from-op-tidb.md b/tidb-cloud/migrate-from-op-tidb.md
@@ -285,8 +285,10 @@ To replicate incremental data, do the following:
 
     1. In the [TiDB Cloud console](https://tidbcloud.com/), navigate to the [**My TiDB**](https://tidbcloud.com/tidbs) page, and then click the name of your target resource to go to its overview page.
     2. In the left navigation pane, click **Settings** > **Networking**.
-    3. On the **Networking** page, click **Add IP Address**.
-    4. In the displayed dialog, select **Use IP addresses**, click **+**, fill in the public IP address of the TiCDC component in the **IP Address** field, and then click **Confirm**. Now TiCDC can access TiDB Cloud. For more information, see [Configure an IP Access List](/tidb-cloud/configure-ip-access-list.md).
+    3. Depending your TiDB Cloud plan, do one of the following to allow TiCDC to connect to TiDB Cloud.
+
+        - For {{{ .starter }}} or Essential, click **Add rule** next to the **Authorized Networks** table, add a firewall rule with the public IP address of the TiCDC component in the displayed dialog, and then click **Save**. For more information, see [Configure {{{ .starter }}} or Essential Firewall Rules for Public Endpoints](/tidb-cloud/configure-serverless-firewall-rules-for-public-endpoints.md#create-and-manage-a-firewall-rule).
+        - For TiDB Cloud Dedicated, click **Add IP Address**, select **Use IP addresses** in the displayed dialog, click **+**, enter the public IP address of the TiCDC component in the **IP Address** field, and then click **Confirm**. For more information, see [Configure an IP Access List](/tidb-cloud/configure-ip-access-list.md).
 
 3. Get the connection information of the downstream TiDB Cloud resource.