Manage IP access list entries

New databases don’t restrict public access by default. However, you can configure your database’s IP access list to allow only client connections from trusted IP addresses. If configured, your database automatically denies any connection attempts to and from an IP not included in the list.

To restrict access and manage entries in the IP access list, you must have one of the following roles:

Restrict public access

By default, databases allow connection attempts from any public IP address.

  1. In the Astra Portal, go to Databases and select your database.

  2. Click the Settings tab.

  3. In the IP Access List section, turn on Restrict public access.

  4. In the confirmation dialog, click Restrict Public Access.

As soon as you turn on the Restrict Public Access setting, your database is inaccessible to all internet traffic, which can disrupt any applications depending on it. To prevent downtime, promptly add entries with approved IP addresses or CIDR blocks to the access list. Until you add entries to the access list, no external connections to your database are allowed.

Note, however, that this setting does not affect private endpoint connections.

Add IP access list entries

You can add a single entry, or import multiple entries from a file or another database. Each entry can be a single IPv4 address or a range of IPv4 addresses in CIDR notation.

It can take a few minutes for your database to honor new IP access list entries. For example, if you try to immediately connect to your database from a newly added IP, the database may block your connection.

Add a single entry

To add a single entry to the IP access list:

  1. In the Astra Portal, go to Databases and select your database.

  2. Click the Settings tab.

  3. In the IP Access List section, click Add Access and select Add IP Address.

  4. In the Add Access dialog, configure the following fields:

    1. Current IP Address: The IP address you are currently using to access the Astra Portal. Click the clipboard icon to automatically paste this address into the IP Address or CIDR field.

    2. IP Address or CIDR: Enter the IP address or CIDR-notated range of IP addresses you want to be able to access your database.

      Using CIDR notation

      A CIDR range indicates a range of IP addresses. For example, the CIDR range 192.168.0.0/16 covers every address from 192.168.0.0 (the first address) through 192.168.255.255 (the last address). The /16 mask indicates that the first 16 bits of the IP address are fixed. The addresses in the range are all the possible values of the remaining 16 bits.

      Tools are available online to help you convert a range of IP addresses to CIDR, such as https://www.ipaddressguide.com/cidr.

    3. Description (Optional): Enter a description or other information about the access list entry.

  5. Click Add Address.

The new address appears in the IP Access List section.

Import entries from a file

You can import one or more IP access list entries from a JSON file.

Importing entries from a file overrides any current restrictions on your database.

  1. In the Astra Portal, go to Databases and select your database.

  2. Click the Settings tab.

  3. In the IP Access List section, click Add Access and select Upload from file.

  4. In the Upload list dialog, click Select File.

  5. Select a file on your computer that contains a list of IP access list entries in JSON format.

    You can use the following template to format your file:

    template.json
    {
      "addresses": [
        {
          "address": "192.168.0.1/32",
          "description": "This CIDR allows datacenter B to connect to database A",
          "enabled": true
        },
        {
          "address": "$ADDRESS",
          "description": "$DESCRIPTION",
          "enabled": false
        },
        {
          "address": "$ADDRESS",
          "description": "$DESCRIPTION",
          "enabled": false
        }
      ],
      "configurations": {
        "accessListEnabled": true
      }
    }

    Once the file finishes uploading, a preview of the entries appears.

  6. Click Import List.

The new entries appear in the IP Access List section.
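Because an import overrides the current restrictions, it is worth checking the file before uploading it. The following is an added example, not DataStax code: it lints a file in the template's shape for leftover placeholders, CIDR entries with host bits set, and very broad enabled ranges, and computes the first and last address of a CIDR range as described under Using CIDR notation. The function names, the MIN_PREFIX threshold, the sample entries, and the reading of accessListEnabled as the Restrict public access switch are assumptions.

```python
import ipaddress
import json

# Constructed sample in the shape of the page's template.json (values are made up).
SAMPLE = """
{
  "addresses": [
    {"address": "192.168.0.1/32", "description": "datacenter B", "enabled": true},
    {"address": "10.1.2.3/16", "description": "host bits set", "enabled": true},
    {"address": "0.0.0.0/0", "description": "temporary", "enabled": true},
    {"address": "$ADDRESS", "description": "$DESCRIPTION", "enabled": false}
  ],
  "configurations": {"accessListEnabled": true}
}
"""

MIN_PREFIX = 16  # assumed local policy: flag enabled ranges wider than a /16


def lint_access_list(text, min_prefix=MIN_PREFIX):
    """Return (index, address, finding) tuples for entries that need review."""
    doc = json.loads(text)
    findings = []
    # Assumption: this flag mirrors the Restrict public access setting.
    if doc.get("configurations", {}).get("accessListEnabled") is not True:
        findings.append((None, None, "accessListEnabled is not true"))
    for i, entry in enumerate(doc.get("addresses", [])):
        addr = str(entry.get("address", ""))
        try:
            iface = ipaddress.IPv4Interface(addr)  # bare address is read as /32
        except ValueError:
            findings.append((i, addr, "not an IPv4 address or CIDR"))
            continue
        net = iface.network
        if iface.ip != net.network_address:
            findings.append((i, addr, f"host bits set; range is {net}"))
        if entry.get("enabled") and net.prefixlen < min_prefix:
            findings.append((i, addr, f"enabled range covers {net.num_addresses} addresses"))
    return findings


def cidr_bounds(cidr):
    """First and last address of a CIDR range, as strings."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    return str(net.network_address), str(net.broadcast_address)


if __name__ == "__main__":
    print(lint_access_list(SAMPLE), cidr_bounds("192.168.0.0/16"))
```
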

Import entries from another database

You can import the IP access list entries from another serverless database in your organization.

  1. In the Astra Portal, go to Databases and select your database.

  2. Click the Settings tab.

  3. In the IP Access List section, click Add Access and select Import from database.

  4. In the Import from database dialog, use the Select a database dropdown menu to select another serverless database in your organization that has IP access list entries that you want to apply to your current database.

    After selecting a database, a preview of the entries appears.

  5. Click Import List.

The new entries appear in the IP Access List section.

Edit IP access list entries

  1. In the Astra Portal, go to Databases and select your database.

  2. Click the Settings tab.

  3. In the IP Access List section, find the entry you want to edit and click the overflow menu icon (three dots). Select Edit.

  4. In the Add Access dialog, you can edit the Description.

  5. Click Update Address to save your changes.

Disable or delete IP access list entries

  1. In the Astra Portal, go to Databases and select your database.

  2. Click the Settings tab.

  3. In the IP Access List section, find the entry you want to disable and click the overflow menu icon (three dots). Select Disable to disable the entry, or select Delete to delete the entry.

  4. In the confirmation dialog, click Disable or Delete.

When you disable or delete an entry from the IP access list, it can take a few minutes for your database to begin rejecting new traffic from that address. Existing connections may remain open for an indefinite amount of time, depending on application behavior and how the connection was established.

© 2024 DataStax