This topic describes how to configure an IP address whitelist or an ECS security group
for an ApsaraDB for MongoDB instance. After you create an ApsaraDB for MongoDB instance,
you must configure an IP address whitelist or add an ECS security group to allow access
only from authorized devices. The default whitelist contains only the IP address 127.0.0.1,
which indicates that no devices can access the ApsaraDB for MongoDB instance.
Prerequisites
When you add an ECS security group, make sure that the ApsaraDB for MongoDB instance
has the same network type as the ECS instances in the ECS security group. If both
the ApsaraDB for MongoDB instance and ECS instances are of the VPC type, make sure
that they reside in the same VPC.
Background information
- Before you use an ApsaraDB for MongoDB instance for the first time, you must configure
a whitelist for the instance. After you configure the whitelist, the endpoints of
the instance appear on the Basic Information and Database Connections pages.
- Whitelists make your ApsaraDB for MongoDB instances more secure. We recommend that
you maintain the whitelists on a regular basis.
Configure an IP address whitelist for a standalone instance, replica set instance,
or sharded cluster instance
- Log on to the ApsaraDB for MongoDB console.
- In the upper-left corner of the page, select the resource group and region to which
the instance belongs.
- In the left-side navigation pane, click Replica set instances or Sharded cluster instance based on the instance type.
- On the page that appears, find the instance that you want to manage and click its
ID.
- In the left-side navigation pane, choose .
- Find the IP address whitelist that you want to configure, and choose
> Manually Modify or Import ECS Intranet IP in the Actions column.Manually Modify
- In the Manually Modify panel, click the IPv4 or IPv6 tab based on your network connection.
Note
- Limits for IPv4 addresses:
- Limits for IPv6 addresses:
- You cannot specify both IPv4 and IPv6 addresses in a single whitelist. If you want to specify both IPv4 and IPv6 addresses,
specify them in separate whitelists.
- Click OK.
Import ECS Intranet IP
- Click Import ECS Intranet IP. In the Import ECS Intranet IP panel, the internal IP addresses of ECS instances
created in the current account are displayed. Select one or more IP addresses and
add them to the IP address whitelist.
- Click OK.
Configure an ECS security group for a standalone instance, replica set instance, or
sharded cluster instance
An ECS security group relieves you from the tedious work of adding IP addresses or
CIDR blocks. It makes database O&M easier.
- Log on to the ApsaraDB for MongoDB console.
- In the upper-left corner of the page, select the resource group and region to which
the instance belongs.
- In the left-side navigation pane, click Replica set instances or Sharded cluster instance based on the instance type.
- On the page that appears, find the instance that you want to manage and click its
ID.
- Click Add Security Group.
- In the Add Security Group panel, select one or more ECS security groups that you want
to add.

Note
- Each ApsaraDB for MongoDB instance can be added to up to 10 security groups. After
you add an ECS security group, all its ECS instances can access the ApsaraDB for MongoDB
instance either over an internal network or over the Internet. For access over an
internal network, the two types of instances must have the same network type. If the
network type is VPC, the two types of instances must be in the same VPC. For access
over the Internet, you must have applied for a public endpoint for the ApsaraDB for
MongoDB instance.
- If you move your pointer over an ECS security group, you can view its name and description.
If you move your pointer over VPC, you can view the VPC ID. This way, you can quickly
find an ECS security group.
Delete a whitelist or an ECS security group of a standalone instance, replica set
instance, or sharded cluster instance
- Log on to the ApsaraDB for MongoDB console.
- In the upper-left corner of the page, select the resource group and region to which
the instance belongs.
- In the left-side navigation pane, click Replica set instances or Sharded cluster instance based on the instance type.
- On the page that appears, find the instance that you want to manage and click its
ID.
- Delete a whitelist or an ECS security group.
To delete a whitelist, perform the following steps:
- Find the whitelist that you want to delete, and choose in the Actions column.

Note You cannot delete the default whitelist.
- In the message that appears, click OK.
To clear all ECS security groups, perform the following steps:
- Click Clear.
- In the Clear Security Groups message, click OK.