This topic describes how to configure a whitelist for an ApsaraDB for MongoDB instance. Only the devices whose IP addresses are added to the whitelists of the instance are allowed to access the instance. The default whitelist contains only the IP address The IP address indicates that no devices can connect to the instance. Proper configuration of whitelists can enhance access security of ApsaraDB for MongoDB instances. We recommend that you maintain your whitelists on a regular basis.


  1. Log on to the ApsaraDB for MongoDB console.
  2. In the upper-left corner of the page, select the resource group and region to which the instance belongs.
  3. In the left-side navigation pane, click Sharded cluster instance.
  4. On the page that appears, find the instance that you want to manage and click its ID.
  5. In the left-side navigation pane, choose Data Security > Whitelist Settings.
  6. In the Create Whitelist section, use one of the following methods to configure a whitelist for the instance.
    • Manually add IP addresses to an instance whitelist
      • An IP address can be specified in one of the following formats:
        • A single IP address. Example:
        • A CIDR block. For more information about CIDR blocks, see FAQ. Example: 24 indicates that the prefix of the CIDR block is 24 bits in length. You can replace 24 with a value within the range of 1 to 32.
      • Separate multiple IP addresses with commas (,).
      • If you specify only in a whitelist or left the whitelist empty, the instance can be accessed by all IP addresses. In this situation, the instance databases are at high security risk. Proceed with caution.
      1. Click More in the Actions column and select Manually Modify.
      2. In the Manually Modify panel, enter IP addresses or CIDR blocks in the IP Whitelist text box.
      3. Click OK.
    • Load IP addresses of ECS instances to an instance whitelist
      1. Click Import ECS Intranet IP in the Actions column.
      2. In the IP Whitelist list of the Import ECS Intranet IP panel, select the Elastic Compute Service (ECS) internal IP addresses that you want to add to the whitelist.
      3. Click Add.
      4. Click OK.

Related operations