IP whitelist templates let you define a reusable set of IP addresses or CIDR blocks and apply it to multiple Elasticsearch (ES) clusters at once. When you update a template, the changes are automatically pushed to all associated clusters — keeping their whitelists in sync without requiring per-cluster updates.
Region availability
The IP whitelist template feature is available only in the Singapore region.
Prerequisites
Before you begin, ensure that you have:
-
Access to the Elasticsearch console
-
One or more ES clusters in the Singapore region
Create an IP whitelist template and associate clusters
-
Log on to the Elasticsearch console. In the navigation pane on the left, choose IP Whitelist Template.
-
Click Create IP Whitelist Template and configure the following parameters:
ImportantKeep the following in mind when entering IP addresses: - Setting the IP address range to
0.0.0.0/0allows access from the internet. Use this setting with caution. - If the whitelist contains only127.0.0.1, all access is denied. If other IP addresses or CIDR blocks are also configured, the127.0.0.1entry has no effect.Parameter Description IP Whitelist Template Name A unique name for the template. The name must be unique within your Alibaba Cloud account. IP Address Whitelist Type Select ES private whitelist or ES public whitelist based on your use case. IP Addresses in Whitelist The IP addresses or CIDR blocks to allow access. A single template supports up to 300 IP addresses or CIDR blocks. Separate multiple entries with commas with no spaces. Associated Instance The clusters to associate with this template. The console lists clusters that match the template type (private or public) and region. -
Click OK. If the precheck succeeds, the new template appears in the template list. If any configuration fails the check, the template is not created.
Associate or disassociate a template from a cluster
In addition to associating clusters when creating a template, you can manage template associations from any cluster's Security Settings page.
On the Security Settings page of the cluster, modify the Private IP Address Whitelist or the Public IP Address Whitelist setting:
Manage IP whitelist templates
From the template list, you can modify, view details of, or delete templates.
| Operation | Description |
|---|---|
| Modify | Update the template name or IP addresses. Changes are automatically pushed to all associated clusters, keeping their whitelists consistent with the template. |
| Details | View the IP addresses in the template and the list of associated clusters. |
| Delete | Delete the template. Disassociate all clusters from the template before deleting it. |
Quotas and limits
| Limit | Value |
|---|---|
| Total IP capacity per cluster | 300 IP addresses or CIDR blocks. This is the combined total of IPs configured directly on the cluster and unique IPs contributed by all associated templates. |
| Maximum templates per cluster | 10 (5 for private access and 5 for public access) |
| Maximum clusters per template | 30 ES clusters |