All Products
Search
Document Center

ApsaraDB for MongoDB:Configure a whitelist for an instance

Last Updated:Nov 12, 2024

This topic describes how to configure a whitelist for an ApsaraDB for MongoDB instance. Only the devices whose IP addresses are added to the whitelists of the instance are allowed to access the instance. The default whitelist contains only the IP address 127.0.0.1. The IP address indicates that no devices can connect to the instance. Proper configuration of whitelists can enhance access security of ApsaraDB for MongoDB instances. We recommend that you maintain your whitelists on a regular basis.

Procedure

  1. Go to the Replica Set Instances page. In the top navigation bar, select the region in which the instance resides. Then, find the instance and click the ID of the instance.

  2. In the left-side navigation pane of the instance details page, choose Data Security > Whitelist Settings.

  3. In the Create Whitelist section, use one of the following methods to configure a whitelist for the instance.

    • Manually add IP addresses to an instance whitelist

      Note
      • An IP address can be specified in one of the following formats:

        • A single IP address. Example: 10.23.12.24.

        • 0.0.0.0/0

        • A CIDR block. For more information about CIDR blocks, see FAQ. Example: 10.23.12.24/24. 24 indicates that the prefix of the CIDR block is 24 bits in length. You can replace 24 with a value within the range of 1 to 32.

      • Separate multiple IP addresses with commas (,).

      • If you specify only 0.0.0.0/0 in a whitelist or leave the whitelist empty, the instance can be accessed by all IP addresses. In this situation, the instance databases are at high security risk. Proceed with caution.

      1. Click Modify in the Actions column corresponding to an IP whitelist.

      2. In the Import ECS Internal IP pane, enter IP addresses or CIDR blocks in the IP Whitelist box.

      3. Click OK.

    • Load IP addresses of ECS instances to an instance whitelist

      1. Click Import ECS Intranet IP in the Actions column corresponding to an IP whitelist.

      2. In the IP Whitelist list of the Import ECS Intranet IP pane, select the Elastic Compute Service (ECS) internal IP addresses that you want to add to the whitelist

      3. Click Add.

      4. Click OK.

Related operations