To configure the same IP whitelist for multiple ES clusters, you can use the whitelist template feature. You can create a reusable collection of IP addresses as a template and associate it with multiple ES clusters in a batch operation.
Usage notes
The IP whitelist template feature is available only in the Singapore region.
Create an IP whitelist template and associate clusters
Log on to the Elasticsearch console. In the navigation pane on the left, choose IP Whitelist Template.
Click Create IP Whitelist Template and configure the following parameters:
IP Whitelist Template Name: Enter a unique name for the template. The name must be unique within your Alibaba Cloud account.
IP Address Whitelist Type: Select ES private whitelist or ES public whitelist based on your application scenario.
IP Addresses in Whitelist: Enter the IP addresses or CIDR blocks that are allowed access. A single template can contain up to 300 IP addresses or CIDR blocks. Separate multiple entries with commas. Do not add spaces before or after the commas.
ImportantSetting the IP address range to 0.0.0.0/0 allows access from the Internet. Use this setting with caution.
If the whitelist contains only 127.0.0.1, all access is denied. If other IP addresses or CIDR blocks are also configured, the 127.0.0.1 entry has no effect.
Associated Instance: When creating the template, select the clusters to associate with the template. The system automatically lists clusters that match the template type (public or private) and region.
Click OK. If the precheck is successful, the new template appears in the template list. If any configuration fails the check, the template is not created.
You can also manage the IP whitelist settings from the details page of an associated cluster. For more information, see Associate or disassociate a template from an cluster.
Associate or disassociate a template from an cluster
In addition to associating clusters from the template settings, you can also go to a specific cluster and associate or disassociate whitelist templates on the Security Settings page.
On the Security Settings page of the cluster, modify the Private IP Address Whitelist or the Public IP Address Whitelist.
VPC Private Access Whitelist
Public Access Whitelist
Manage IP whitelist templates
In the template list, you can modify, view the details of, and delete created templates.
Operation | Description |
Modify | Modify the basic information of the template, such as its name and IP addresses. When the template content, such as IP addresses, changes, this operation pushes the latest content to all associated clusters. This keeps the cluster whitelists consistent with the template. |
Details | View the details of the template, including the IP addresses it contains and the list of associated clusters. |
Delete | Delete the template. Important If the template is associated with clusters, disassociate all of them before you delete the template. |
Quotas and limits
The following limits apply when you use IP whitelist templates:
Limit | Description |
Total IP capacity per cluster | The total IP whitelist capacity for each ES cluster is 300 IP addresses or CIDR blocks. This capacity is the sum of the IP addresses configured on the cluster itself and the unique IP addresses from all associated templates. |
Maximum templates per cluster | Each ES cluster can be associated with a maximum of 10 IP whitelist templates: 5 for private access and 5 for public access. |
Maximum clusters per template | Each IP whitelist template can be associated with a maximum of 30 ES clusters. |