All Products
Search

This Product

    Serverless App Engine:Configure a whitelist for an ApsaraDB for MongoDB instance

    Document Center

    Serverless App Engine:Configure a whitelist for an ApsaraDB for MongoDB instance

    Last Updated:Oct 13, 2023

    If an application that is hosted on Serverless App Engine (SAE) needs to access an ApsaraDB for MongoDB instance, you must configure a whitelist for the ApsaraDB for MongoDB instance. This topic describes how to configure a whitelist for an ApsaraDB for MongoDB instance in different scenarios.

    Scenario 1: An application accesses an ApsaraDB for MongoDB instance in the same virtual private cloud (VPC)

    1. Obtain the IP addresses of the VPC and vSwitch of the SAE application.

      1. Log on to the SAE console.

      2. In the left-side navigation pane, click Applications. In the top navigation bar, select a region. Then, click the name of an application.

      3. Obtain the IP addresses.

        • VPC: In the Application Information section of the Basic Information tab, click the name of the VPC field to go to the VPC console. On the Information tab, copy and save the value of the IPv4 CIDR Block parameter.

        • vSwitch: In the Application Information section of the Basic Information tab, click the name of the vSwitch field to go to the VPC console. On the vSwitch Basic Information page, copy and save the value of the IPv4 CIDR Block parameter.

    2. Log on to the ApsaraDB for MongoDB console.

    3. In the left-side navigation pane, click Replica Set Instances, Sharded Cluster Instances, or Serverless Instances based on the instance type.

    4. In the upper-left corner of the page, select the resource group and region to which the instance belongs.

    5. Click the ID of an instance, or click More icon in the Actions column corresponding to the instance and select Manage.

    6. In the left-side navigation pane of the instance details page, choose Data Security > Whitelist Settings.

    7. In the Create Whitelist section, find the default group, select Manually Modify in the Actions column.

      Note

      You can also click Create Whitelist to create an IP address whitelist.

    8. In the IP Whitelist field of the Manually Modify panel, enter the IP addresses that you obtained in Step 1 and click OK. db_configure_a_whitelist_for_mongodb_instances

      Note

      You can add up to 1,000 IP addresses or CIDR blocks to the whitelist of an instance. Separate multiple IP addresses or CIDR Blocks with commas (,) and make sure that no spaces precede or follow each comma.

      After you configure the settings, the application that you deployed on SAE can access the ApsaraDB for MongoDB instance in the same VPC.

    Scenario 2: An application accesses an ApsaraDB for MongoDB instance across VPCs or regions

    VPCs or regions are logically isolated from each other. Therefore, you cannot access ApsaraDB for MongoDB instances across VPCs or regions by default. If your application needs to access an ApsaraDB for MongoDB instance across VPCs or regions, perform the following steps:

    1. Before you configure a whitelist, make sure that the following prerequisites are met:

      A service bundle that consists of an Internet NAT gateway and an elastic IP address (EIP) is purchased, and Internet access is enabled for the SAE application. For more information, see Configure a NAT gateway for an SAE application to enable Internet access.

    2. Obtain the EIP of the SAE application and the CIDR block of the vSwitch.

      1. Log on to the SAE console.

      2. In the left-side navigation pane, click Applications. In the top navigation bar, select a region. Then, click the name of an application.

      3. In the Application Information section of the Basic Information tab, click the name of the vSwitch field to go to the VPC console. On the vSwitch Basic Information page, copy and save the value of the IPv4 CIDR Block parameter.

      4. In the left-side navigation pane, choose NAT Gateway > Internet NAT Gateway.

      5. On the Internet NAT Gateway page, find the required NAT gateway, and copy and save the value that is displayed in the Elastic IP Address column.

    3. Log on to the ApsaraDB for MongoDB console.

    4. In the left-side navigation pane, click Replica Set Instances, Sharded Cluster Instances, or Serverless Instances based on the instance type.

    5. In the upper-left corner of the page, select the resource group and region to which the instance belongs.

    6. Click the ID of an instance, or click More icon in the Actions column corresponding to the instance and select Manage.

    7. In the left-side navigation pane of the instance details page, choose Data Security > Whitelist Settings.

    8. In the Create Whitelist section, find the default group, select Manually Modify in the Actions column.

      Note

      You can also click Create Whitelist to create an IP address whitelist.

    9. In the IP Whitelist field of the Manually Modify panel, enter the IP addresses that you obtained in Step 2 and click OK. db_configure_a_whitelist_for_mongodb_instances_cross_vpc_or_region

      Note

      You can add up to 1,000 IP addresses or CIDR blocks to the whitelist of an instance. Separate multiple IP addresses or CIDR Blocks with commas (,) and make sure that no spaces precede or follow each comma.

      After you configure the settings, the application that you deployed on SAE can access the ApsaraDB for MongoDB instance across VPCs or regions.

    References

    You can configure an IP address whitelist to access an ApsaraDB for MongoDB instance. You can also configure a security group to access the ApsaraDB for MongoDB instance. For more information, see Configure an ECS security group.