All Products
Search

This Product

    ApsaraDB for MongoDB:Configure a whitelist

    Document Center

    ApsaraDB for MongoDB:Configure a whitelist

    Last Updated:Jun 02, 2026

    ApsaraDB for MongoDB blocks all access by default (IP address 127.0.0.1). Configure a whitelist to allow connections to your instance. Maintain whitelists regularly for optimal security.

    Prerequisites

    • You have created an instance by following the Quick Start steps.

    • The instance is in the Running state.

    Procedure

    The steps below modify the default whitelist group. To create a whitelist group or configure a security group, use Manage whitelists and security groups.

    1. Go to the Replica Set Instances or Sharded Cluster Instances page. In the top navigation bar, select the resource group and region to which the desired instance belongs. Then, find the instance and click the instance ID.

    2. In the left-side navigation pane of the instance details page, choose Data Security > Whitelist Settings.

    3. In the Whitelist Settings section, use one of the following methods to modify the whitelist for the instance.

      Modify manually

      1. In the Actions column of the target group, click Modify.

      2. In the Manually Modify panel, enter IP addresses or IP address ranges in the IP White List text box.

        • The following formats are supported:

          • A single IP address. Example: 10.23.12.24.

          • 0.0.0.0/0

            Warning

            Setting the whitelist to 0.0.0.0/0 allows access from any IP address. This creates a high security risk for your ApsaraDB for MongoDB instance. Use this value with caution.

          • CIDR format, which stands for Classless Inter-Domain Routing. For example, in 10.23.12.24/24, /24 indicates the prefix length of the address. The prefix length can be an integer from 1 to 32.

        • Separate multiple IP addresses or IP address ranges with commas (,).

      3. Click Confirm.

      Add ECS private IPs

      1. In the Actions column of the target group, click Add Internal IP Addresses of ECS Instances.

      2. In the Import ECS Intranet IP panel, select the private IP addresses of the ECS instances that you want to add from the IP Whitelist list.

      3. Click 添加.

      4. Click OK.

    What to do next

    Connect to an instance

    FAQ

    What IP addresses should I add to the whitelist before connecting to an instance?

    The required IP addresses depend on your network environment and connection method:

    • Connect from a local client (public connection)

      Add the public IP address of your local client to the whitelist.

    • Connect from an ECS client

      • Same VPC: Connect over the private network. Click Add Internal IP Addresses of ECS Instances to add the ECS private IP address to the whitelist.

      • Different VPC: Connect over the public network. In the ECS console, find the public IP address of the ECS instance and add it to the whitelist.

    • Connect using DMS

      DMS automatically adds its server IP addresses to the whitelist. No manual configuration is required. If not added automatically, manually add the DMS IP address ranges.