All Products
Document Center

ApsaraDB for MongoDB:Configure a whitelist for an ApsaraDB for MongoDB instance

Last Updated:Jul 17, 2023

This topic describes how to configure a whitelist for an ApsaraDB for MongoDB instance. Only the devices whose IP addresses are added to the whitelists of the instance are allowed to access the instance. The default whitelist contains only the IP address The IP address indicates that no devices can connect to the instance. Proper configuration of whitelists can enhance access security of ApsaraDB for MongoDB instances. We recommend that you maintain your whitelists on a regular basis.


  1. Log on to the ApsaraDB for MongoDB console.
  2. In the left-side navigation pane, click Replica Set Instances.
  3. In the upper-left corner of the page, select the resource group and region to which the instance belongs.
  4. Click the ID of an instance, or click More icon in the Actions column corresponding to the instance and select Manage.
  5. In the left-side navigation pane of the instance details page, choose Data Security > Whitelist Settings.
  6. In the Create Whitelist section, use one of the following methods to configure a whitelist for the instance.
    • Manually add IP addresses to an instance whitelist
      • An IP address can be specified in one of the following formats:
        • A single IP address. Example:
        • A CIDR block. For more information about CIDR blocks, see FAQ. Example: 24 indicates that the prefix of the CIDR block is 24 bits in length. You can replace 24 with a value within the range of 1 to 32.
      • Separate multiple IP addresses with commas (,).
      • If you specify only in a whitelist or left the whitelist empty, the instance can be accessed by all IP addresses. In this situation, the instance databases are at high security risk. Proceed with caution.
      1. Click Manually Modify in the Actions column corresponding to an IP whitelist.
      2. In the pane, enter IP addresses or CIDR blocks in the IP Whitelist box.
      3. Click OK.
    • Load IP addresses of ECS instances to an instance whitelist
      1. Click Import ECS Intranet IP in the Actions column corresponding to an IP whitelist.
      2. In the IP Whitelist list of the Import ECS Intranet IP pane, select the Elastic Compute Service (ECS) internal IP addresses that you want to add to the whitelist
      3. Click Add.
      4. Click OK.

Related operations