All Products
Search
Document Center

ApsaraDB for MongoDB:Modify the IP address whitelist of an ApsaraDB for MongoDB instance

Last Updated:Aug 04, 2023

This topic describes how to modify the whitelist of an ApsaraDB for MongoDB instance. Only the devices whose IP addresses are added to the whitelists of the instance are allowed to access the instance. The default whitelist contains only the IP address 127.0.0.1. The IP address indicates that no devices can connect to the instance. Proper configuration of whitelists can enhance access security of ApsaraDB for MongoDB instances. We recommend that you maintain your whitelists on a regular basis.

Prerequisites

When you add an Elastic Compute Service (ECS) security group, make sure that the ApsaraDB for MongoDB instance has the same network type as the ECS instances in the ECS security group. If both the ApsaraDB for MongoDB instance and ECS instances are of the virtual private cloud (VPC) type, make sure that they reside in the same VPC.

Background information

  • Before you use an ApsaraDB for MongoDB instance for the first time, you must configure an IP address whitelist for the instance. For more information, see Configure an IP address whitelist.

  • After the IP address whitelist is configured, the endpoint of the instance is displayed on the Basic Information and Database Connections pages of the instance.

Procedure

  1. Log on to the ApsaraDB for MongoDB console.

  2. In the left-side navigation pane, click Replica Set Instances or Sharded Cluster Instances.

  3. In the upper-left corner of the page, select the resource group and region to which the instance belongs.

  4. Click the ID of the instance that you want to manage or click Manage in the Actions column corresponding to the instance.

  5. In the left-side navigation pane of the page that appears, choose Data Security > Whitelist Settings.

  6. In the Whitelist Settings section, select one of the following methods to modify the whitelist for the instance:

    Manually modify a whitelist

    1. Find the whitelist that you want to manage and click Modify in the Actions column.

    2. In the IP Whitelist field of the Manually Modify panel, enter an IP address or a CIDR block.

      • An IP address or a CIDR block can be specified in one of the following formats:

        • A single IP address. Example: 10.23.12.24.

        • 0.0.0.0/0

          Warning

          If you specify only 0.0.0.0/0 in a whitelist, the instance can be accessed by all IP addresses. This exposes instance databases to high security risks. Exercise caution when you specify only this IP address in a whitelist.

        • A CIDR block. For more information about CIDR blocks, see FAQ. Example: 10.23.12.24/24. 24 indicates that the prefix of the CIDR block is 24 bits in length. You can replace 24 with a value within the range of 1 to 32.

      • Separate multiple IP addresses with commas (,).

    3. Click OK.

    Load the internal IP addresses of ECS instances

    1. Find the whitelist that you want to manage and click Add Internal IP Addresses of ECS Instances in the Actions column.

    2. In IP Whitelist of the Import ECS Intranet IP panel, select the ECS internal IP address to be added.

    3. Click 添加.

    4. Click OK.