If you want to access an Alibaba Cloud Elasticsearch cluster over the Internet or a virtual private cloud (VPC), you can add the IP address of the host that you use to the public or private IP address whitelist of the cluster. This topic describes how to configure a public or private IP address whitelist for an Elasticsearch cluster.

Prerequisites

An Alibaba Cloud Elasticsearch cluster is created. For more information, see Create an Alibaba Cloud Elasticsearch cluster.

Precautions

If you access an Alibaba Cloud Elasticsearch cluster over the Internet, the network may be unstable, and network security may be compromised. If you require high network security and stability, we recommend that you use a VPC for access.

Procedure

  1. Log on to the Elasticsearch console.
  2. In the left-side navigation pane, click Elasticsearch Clusters.
  3. Navigate to the desired cluster.
    1. In the top navigation bar, select the resource group to which the cluster belongs and the region where the cluster resides.
    2. In the left-side navigation pane, click Elasticsearch Clusters. On the Elasticsearch Clusters page, find the cluster and click its ID.
  4. In the left-side navigation pane of the page that appears, click Security.
  5. In the Network Settings section, click Update on the right side of VPC Whitelist or Public Network Whitelist to configure a private or public IP address whitelist.
    The following descriptions provide an example of how to configure a private IP address whitelist.
    Note: By default, the Public Network Access switch is turned off. If you want to configure a public IP address whitelist, you must turn on the Public Network Access switch before you perform the operations in this step.
    • Add an IP address whitelist
      1. In the Edit VPC Whitelist panel, click Add IP Address Whitelist.
      2. In the Add IP Address Whitelist dialog box, configure the Name and IP Addresses in Whitelist parameters.
        Name: The name of the IP address whitelist. The name must be 2 to 120 characters in length and can contain lowercase letters, digits, and underscores (_). The name must start with a letter and end with a letter or digit.
        IP Addresses in Whitelist:
        • You can enter IP addresses or CIDR blocks in the IP Addresses in Whitelist field. For example, you can enter 192.168.0.1 or 192.168.0.0/24. Separate multiple IP addresses or CIDR blocks with commas (,). You can enter 127.0.0.1 to deny requests from all IPv4 addresses or enter 0.0.0.0/0 to allow requests from all IPv4 addresses.
          Notice
          • A whitelist can contain a maximum of 300 IP addresses or CIDR blocks.
          • If you want to specify CIDR blocks, make sure that the IP address that precedes the forward slash (/) in each CIDR block is the first IP address obtained based on subnet mask calculation.
        • Access from public IPv6 addresses is supported in the China (Hangzhou) region, and you can configure public IPv6 address whitelists in this region. For example, you can specify 2401:b180:1000:24::5 or 2401:b180:1000::/48 in a public IPv6 address whitelist. You can enter ::1 to deny requests from all IPv6 addresses or enter ::/0 to allow requests from all IPv6 addresses.
        • By default, requests from all public IP addresses are denied and requests from all private IPv4 addresses are allowed.
      3. Click OK. Then, you can view the newly created whitelist.
        Note
        • A default public IP address whitelist and a default private IP address whitelist are provided. Both whitelists are named default and contain default IP addresses or CIDR blocks. You can also add IP addresses or CIDR blocks to the whitelists.
        • In the whitelist configuration section, only the first three IP addresses or CIDR blocks are displayed for each type of whitelist. The other IP addresses or CIDR blocks are displayed as an ellipsis (...). If you want to view the other IP addresses or CIDR blocks in a whitelist, click Update on the right side of the related whitelist type. Then, in the panel that appears, click the Plus sign icon or Configure that corresponds to the whitelist.
    • Modify an IP address whitelist
      1. In the Edit VPC Whitelist panel, find the IP address whitelist that you want to modify and click Configure.
      2. Change the value of Name or IP Addresses in Whitelist.
      3. Click OK.
    • Delete an IP address whitelist
      1. In the Edit VPC Whitelist panel, find the IP address whitelist that you want to delete and click Delete.
      2. In the message that appears, click OK.
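
The Name and IP Addresses in Whitelist rules from step 5 can be checked before you paste values into the console. The following Python sketch is an added example, not Alibaba Cloud code: the function names and the sample input are assumptions, and it only encodes the rules stated in this topic (naming rule, 300-entry limit, first-address rule for CIDR blocks) plus a warning for the allow-all entries 0.0.0.0/0 and ::/0.

```python
import ipaddress
import re

# Name rule from this topic: 2 to 120 characters; lowercase letters, digits
# and underscores; starts with a letter, ends with a letter or digit.
NAME_RE = re.compile(r"[a-z][a-z0-9_]{0,118}[a-z0-9]")
MAX_ENTRIES = 300  # limit stated in the Notice


def check_entry(entry):
    """Classify one entry as ('ok' | 'warn' | 'error', message)."""
    try:
        if "/" not in entry:
            ipaddress.ip_address(entry)
            return "ok", entry
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return "error", f"{entry}: not an IP address or CIDR block"
    # The address before the slash must be the first address of the block.
    if ipaddress.ip_address(entry.split("/")[0]) != net.network_address:
        return "error", f"{entry}: host bits set, use {net}"
    if net.prefixlen == 0:
        return "warn", f"{entry}: allows requests from all IPv{net.version} addresses"
    return "ok", entry


def check_whitelist(name, field):
    """Return (errors, warnings) for a whitelist name and comma-separated field."""
    errors, warnings = [], []
    if not NAME_RE.fullmatch(name):
        errors.append(f"name {name!r} violates the naming rule")
    entries = [e.strip() for e in field.split(",") if e.strip()]
    if len(entries) > MAX_ENTRIES:
        errors.append(f"{len(entries)} entries, limit is {MAX_ENTRIES}")
    for entry in entries:
        level, message = check_entry(entry)
        if level == "error":
            errors.append(message)
        elif level == "warn":
            warnings.append(message)
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample input, not taken from a real cluster.
    sample = "192.168.0.1, 192.168.0.5/24, 2401:b180:1000::/48, 0.0.0.0/0"
    print(check_whitelist("office_vpn", sample))
```

Treat a warning as a prompt to replace the allow-all entry with the specific addresses or CIDR blocks of the hosts that need access.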