This topic describes how to add the IP address of your host to the whitelist when you access your Alibaba Cloud Elasticsearch cluster over the Internet or a VPC.

Prerequisites

An Elasticsearch cluster is created. For more information, see Create an Elasticsearch cluster.

Procedure

  1. Log on to the Alibaba Cloud Elasticsearch console.
  2. In the top navigation bar, select the region where your Alibaba Cloud Elasticsearch cluster resides.
  3. Find the target cluster and click its ID.
  4. In the left-side navigation pane of the cluster details page, click Security.
  5. In the Network Settings section of the page that appears, turn on the Public Network Access switch, which is turned off by default.
    Note If Public Network Access is enabled or you only need to configure the VPC whitelist, skip this step.

    After this feature is enabled, the Public Network Access switch is in green. By default, the switch is in gray, which indicates that Public Network Access is disabled. To access your Elasticsearch cluster over the Internet, you must enable Public Network Access.

  6. Click Update and enter the IP address that you want to add to the whitelist.
    Configure a whitelist to access an Elasticsearch cluster over the Internet or a VPC

    You can enter both IP addresses and CIDR blocks in the public IP address and VPC whitelists. For example, enter 192.168.0.1 or 192.168.0.0/24. Separate multiple IP addresses and CIDR blocks with commas (,). You can enter 127.0.0.1 to deny requests from all IPv4 addresses or enter 0.0.0.0/0 to allow requests from all IPv4 addresses. A whitelist can contain up to 300 IP addresses or CIDR blocks. The following table describes the differences between the two whitelists.

    Category Description
    Public IP address whitelist
    • If your Elasticsearch cluster is deployed in the China (Hangzhou) region, you can add IPv6 addresses to the whitelist. For example, enter 2401:b180:1000:24::5 or 2401:b180:1000::/48. Enter ::1 to deny requests from all IPv6 addresses or ::/0 to allow requests from all IPv6 addresses.
    • By default, requests from all public IP addresses are denied.
    VPC whitelist By default, requests from all IPv4 addresses within the VPC in which the Elasticsearch cluster resides are allowed.
  7. Click OK.