If you want to access an Alibaba Cloud Elasticsearch cluster over the Internet or a virtual private cloud (VPC), you can first add the IP address of the host that you use to the public or private IP address whitelist of the cluster. This topic describes how to configure a public or private IP address whitelist for an Elasticsearch cluster.

Prerequisites

An Alibaba Cloud Elasticsearch cluster is created. For more information, see Create an Alibaba Cloud Elasticsearch cluster.

Precautions

If you access an Alibaba Cloud Elasticsearch cluster over the Internet, the network may be unstable, and data security cannot be ensured. If you require high data security and network stability, we recommend that you use a VPC for access.

Procedure

  1. Log on to the Elasticsearch console.
  2. In the left-side navigation pane, click Elasticsearch Clusters.
  3. Navigate to the desired cluster.
    1. In the top navigation bar, select a resource group and a region.
    2. In the left-side navigation pane, click Elasticsearch Clusters. On the Elasticsearch Clusters page, find the desired cluster and click its ID.
  4. In the left-side navigation pane of the Basic Information page, click Security.
  5. In the Network Settings section, click Update on the right side of VPC Whitelist or Public Network Whitelist to configure a private or public IP address whitelist. In this example, VPC Whitelist is used.
    Note: Before you configure a public IP address whitelist, you must turn on the Public Network Access switch, which is turned off by default. Then, perform the following operations.
    • Add an IP address whitelist
      1. In the Edit VPC Whitelist panel, click Add IP Address Whitelist.
      2. Configure Name and IP Addresses in Whitelist.

        You can enter IP addresses or CIDR blocks in the IP Addresses in Whitelist field. For example, you can enter 192.168.0.1 or 192.168.0.0/24. Separate multiple IP addresses or CIDR blocks with commas (,). You can enter 127.0.0.1 to deny requests from all IPv4 addresses or enter 0.0.0.0/0 to allow requests from all IPv4 addresses. A whitelist can contain a maximum of 300 IP addresses or CIDR blocks.

        Parameters:
        • Name: The name of the IP address whitelist. Enter a name based on your requirements. The name must be 2 to 120 characters in length and can contain lowercase letters, digits, and underscores (_). The name must start with a letter and end with a letter or digit.
        • IP Addresses in Whitelist (for public IP addresses):
          • If your Elasticsearch cluster is deployed in the China (Hangzhou) region, you can add IPv6 addresses to the whitelist. For example, you can enter 2401:b180:1000:24::5 or 2401:b180:1000::/48. You can enter ::1 to deny requests from all IPv6 addresses or enter ::/0 to allow requests from all IPv6 addresses.
          • By default, requests from all public IP addresses are denied.
        • IP Addresses in Whitelist (for private IP addresses): By default, requests from all IPv4 addresses within the VPC in which the Elasticsearch cluster resides are allowed.
      3. Click OK. Then, you can view the newly created whitelist.
    • Modify an IP address whitelist
      1. In the Edit VPC Whitelist panel, find the IP address whitelist that you want to modify and click Configure.
      2. Change the value of Name or IP Addresses in Whitelist.
      3. Click OK. Then, the IP address whitelist is modified.
    • Delete an IP address whitelist
      1. In the Edit VPC Whitelist panel, find the IP address whitelist that you want to delete and click Delete.
      2. In the Delete IP Address Whitelist message, click OK. Then, the IP address whitelist is deleted.
    Note:
    • A default public IP address whitelist and a default private IP address whitelist are provided for each Elasticsearch cluster. Both whitelists are named default and contain default IP addresses or CIDR blocks. You can also add IP addresses or CIDR blocks to the whitelists.
    • In the Network Settings section, only the first three IP addresses or CIDR blocks are displayed for VPC Whitelist or Public Network Whitelist. The other IP addresses or CIDR blocks are displayed as an ellipsis (...). If you want to view the other IP addresses or CIDR blocks in an IP address whitelist, click Update on the right side of VPC Whitelist or Public Network Whitelist. Then, click the plus sign icon or Configure that corresponds to the whitelist.
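
The following pre-check applies the Name and IP Addresses in Whitelist rules from step 2 to a whitelist before it is entered in the console, and flags the allow-all and deny-all values. It is an added example, not Alibaba Cloud code; the function name review_whitelist, the allow_ipv6 switch, and the strict rejection of CIDR blocks with host bits set are assumptions of this example.

```python
import ipaddress
import re

# Name rule from the page: 2-120 chars of lowercase letters, digits, underscores;
# starts with a letter, ends with a letter or digit.
NAME_RE = re.compile(r"[a-z][a-z0-9_]{0,118}[a-z0-9]")
MAX_ENTRIES = 300                # limit stated on the page
DENY_ALL = {"127.0.0.1", "::1"}  # values the page says deny all requests


def review_whitelist(name, field, allow_ipv6=False):
    """Return (errors, warnings) for one whitelist.

    allow_ipv6 is this example's own switch (hypothetical): enable it only for
    a public whitelist where the page says IPv6 entries are accepted.
    """
    errors, warnings = [], []
    if not NAME_RE.fullmatch(name):
        errors.append(f"invalid name: {name}")
    entries = [e.strip() for e in field.split(",") if e.strip()]
    if not entries:
        errors.append("no entries")
    if len(entries) > MAX_ENTRIES:
        errors.append(f"too many entries: {len(entries)} > {MAX_ENTRIES}")
    for entry in entries:
        try:
            # Example's choice: strict parsing rejects host bits in a CIDR block
            # (192.168.0.1/24), which usually indicates a typo.
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            errors.append(f"not an IP address or CIDR block: {entry}")
            continue
        if net.version == 6 and not allow_ipv6:
            errors.append(f"IPv6 not accepted: {entry}")
        elif net.prefixlen == 0:
            warnings.append(f"allows every address: {entry}")
        elif entry in DENY_ALL:
            warnings.append(f"deny-all value: {entry}")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample input, not taken from a real cluster.
    sample = "192.168.0.1, 192.168.0.0/24, 0.0.0.0/0, 10.0.0.5/8"
    print(review_whitelist("office_vpn", sample))
```

Treat any warning as a prompt to confirm that the entry is intended before you click OK.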