Manage database IP access list entries

New databases don’t restrict public access by default. However, you can configure your database’s IP access list to allow only client connections from trusted IP addresses. If configured, your database automatically denies any connection attempts to and from an IP not included in the list.

To restrict access and manage entries in the IP access list, you need the Organization Administrator or Database Administrator role.

Restrict public access to a database

By default, databases allow connection attempts from any public IP address.

  1. In the Astra Portal, click Databases, and then select your database.

  2. Click the Settings tab.

  3. In the IP Access List section, enable the Restrict public access toggle.

  4. In the confirmation dialog, click Restrict Public Access.

When you restrict public access, your database becomes inaccessible to all internet traffic. This can disrupt any applications that depend on a connection to your database.

To prevent downtime, promptly add approved IP addresses or CIDR blocks to the access list. Until you add entries to the access list, no external connections to your database are allowed.

Restricting public access doesn’t affect private endpoint connections. However, DataStax recommends restricting public access to ensure that your database is available only through private endpoints and allowed IPs.

Add IP access list entries

You can add single entries or import multiple entries from a file or another database. Each entry can be a single IPv4 address or address space.

  • Add one entry

  • Import entries from a file

  • Copy entries from another database

Add one entry

  1. In the Astra Portal, click Databases, and then select your database.

  2. Click the Settings tab.

  3. In the IP Access List section, click Add Access, and then select Add IP Address.

  4. In the Add Access dialog, enter the IP address or CIDR-notated range of IP addresses that you want to be able to access your database.

    The Current IP Address field shows the IP address you are currently using to access the Astra Portal. You can click Copy to automatically paste this address into the IP Address or CIDR field.

    Using CIDR notation

    A CIDR range indicates a range of IP addresses. For example, the CIDR range 192.168.0.0/16 represents every address from the first IP address, 192.168.0.0, through the last IP address, 192.168.255.255. The /16 mask indicates that the first 16 bits of the IP address are static. The addresses in the CIDR range are all the permutations of the last 16 bits.

    Multiple tools are available online to help you convert a range of IP addresses to CIDR.

  5. Optional: Enter a description for the access list entry.

  6. Click Add Address.

Import entries from a file

You can import one or more IP access list entries from a JSON file.

Importing entries from a file overrides any existing access list entries.

  1. In the Astra Portal, click Databases, and then select your database.

  2. Click the Settings tab.

  3. In the IP Access List section, click Add Access, and then select Upload from file.

  4. In the Upload list dialog, click Select File.

  5. Select a file on your computer that contains a list of IP access list entries in JSON format.

    You can use the following template to format your file:

    template.json
    {
      "addresses": [
        {
          "address": "192.168.0.1/32",
          "description": "This CIDR allows datacenter B to connect to database A",
          "enabled": true
        },
        {
          "address": "ADDRESS",
          "description": "DESCRIPTION",
          "enabled": false
        },
        {
          "address": "ADDRESS",
          "description": "DESCRIPTION",
          "enabled": false
        }
      ],
      "configurations": {
        "accessListEnabled": true
      }
    }

    When the file finishes uploading, a preview of the entries appears.

  6. Click Import List.
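The following check is an added example, not part of DataStax's documentation or tooling: it lints a file in the template's format before upload, which matters because an import overrides the existing list, and it expands a CIDR range as described under Using CIDR notation. The function names, the constructed sample entries, and the 65,536-address review threshold are assumptions.

```python
import ipaddress
import json

# Constructed sample in the template's shape; addresses are illustrative only.
SAMPLE = json.dumps({
    "addresses": [
        {"address": "192.168.0.1/32", "description": "datacenter B", "enabled": True},
        {"address": "203.0.113.77/24", "description": "office NAT", "enabled": True},
        {"address": "0.0.0.0/0", "description": "temporary debug", "enabled": True},
        {"address": "198.51.100.0/24", "description": "old VPN", "enabled": False},
        {"address": "2001:db8::/32", "description": "IPv6 site", "enabled": True},
    ],
    "configurations": {"accessListEnabled": True},
})

def cidr_span(cidr):
    """Return the (first, last) addresses covered by a CIDR range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net[0]), str(net[-1])

def lint_access_list(text, max_size=65536):
    """Return (findings, enabled IPv4 networks). max_size is an assumed review threshold."""
    doc = json.loads(text)
    findings, enabled = [], []
    if doc.get("configurations", {}).get("accessListEnabled") is not True:
        findings.append("accessListEnabled is not true")
    for i, entry in enumerate(doc.get("addresses", [])):
        raw = str(entry.get("address", ""))
        try:
            iface = ipaddress.ip_interface(raw)
        except ValueError:
            findings.append(f"entry {i}: {raw!r} is not an IP address or CIDR range")
            continue
        net = iface.network
        if net.version != 4:  # the page allows IPv4 entries only
            findings.append(f"entry {i}: {raw} is not IPv4")
            continue
        if iface.ip != net.network_address:
            findings.append(f"entry {i}: {raw} has host bits set; range is {net}")
        if net.num_addresses > max_size:
            findings.append(f"entry {i}: {raw} admits {net.num_addresses} addresses")
        if entry.get("enabled") is True:
            enabled.append(net)
    return findings, enabled

def is_allowed(client_ip, networks):
    """True if client_ip falls inside any of the given networks."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in networks)

if __name__ == "__main__":
    for finding in lint_access_list(SAMPLE)[0]:
        print(finding)
```

An enabled `0.0.0.0/0` entry admits every IPv4 address, so the restriction has no effect while it is present; review any finding before you click Import List.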

Copy entries from another database

You can import database IP access list entries from another serverless database in your organization.

Importing entries from another database overrides any existing access list entries.

  1. In the Astra Portal, click Databases, and then select your database.

  2. Click the Settings tab.

  3. In the IP Access List section, click Add Access, and then select Import from database.

  4. In the Import from database dialog, select another serverless database in your organization that has the IP access list entries that you want to apply to your current database.

    After selecting a database, a preview of the entries appears.

  5. Click Import List.

Test the connection and restart applications

After you add IP access list entries, restart any applications, including clients and drivers, that depend on a connection to your database. DataStax recommends that you test IP access list changes in a development environment before you apply them in production.

The database can take a few minutes to honor new IP access list entries. Wait a few minutes before attempting to connect to your database from the new IP address.

Edit IP access list entries

  1. In the Astra Portal, click Databases, and then select your database.

  2. Click the Settings tab.

  3. In the IP Access List section, find the entry you want to edit, click More Options, and then select Edit.

  4. In the Add Access dialog, you can edit the Description.

  5. Click Update Address to save your changes.

Disable or delete IP access list entries

When you disable or delete an entry from the IP access list, the database can take a few minutes to reject new traffic from that address. Existing connections can remain open for an indefinite amount of time, depending on application behavior and how the connection was established.

  1. In the Astra Portal, click Databases, and then select your database.

  2. Click the Settings tab.

  3. In the IP Access List section, find the entry you want to disable or delete, click More Options, and then select either Disable or Delete.

  4. In the confirmation dialog, click Disable or Delete.


© 2024 DataStax | Privacy policy | Terms of use
