Manage the database IP access list

New Astra DB databases don’t restrict public access by default. However, you can configure your database’s IP access list to allow only client connections from trusted IP addresses. If configured, your database automatically denies any connection attempts to and from an IP not included in the list.

To restrict access and manage entries in the IP access list, you need the Organization Administrator or Database Administrator role.

Restrict public access to a database

By default, databases allow connection attempts from any public IP address.

  1. In the Astra Portal, click Databases, and then select your database.

  2. Click the Settings tab.

  3. In the IP Access List section, enable the Restrict public access toggle.

  4. In the confirmation dialog, click Restrict Public Access.

When you enable the Restrict Public Access setting, your database is inaccessible to all internet traffic, which can disrupt any applications depending on it.

To prevent downtime, promptly add approved IP addresses or CIDR blocks to the access list.

Until you add entries to the access list, no external connections to your database are allowed.

However, this setting doesn’t affect private endpoint connections.

Add IP access list entries

You can add single entries or import multiple entries from a file or another database. Each entry can be a single IPv4 address or address space.

It can take a few minutes for your database to honor new IP access list entries. If you try to immediately connect to your database from a newly added IP, the database might block your connection.

Add a single entry

  1. In the Astra Portal, click Databases, and then select your database.

  2. Click the Settings tab.

  3. In the IP Access List section, click Add Access, and then select Add IP Address.

  4. In the Add Access dialog, enter the IP address or CIDR-notated range of IP addresses that you want to be able to access your database.

    The Current IP Address field shows the IP address you are currently using to access the Astra Portal. You can click Copy to automatically paste this address into the IP Address or CIDR field.

    Using CIDR notation

    A CIDR range indicates a range of IP addresses. For example, the CIDR range 192.168.0.0/16 represents the first IP address of 192.168.0.0 through the last IP address of 192.168.255.255. The /16 mask indicates that the first 16 bits of the IP address are static. The addresses in the CIDR range are represented by all the permutations of the last 16 bits.

    Multiple tools are available online to help you convert a range of IP addresses to CIDR.

  5. Optional: Enter a description for the access list entry.

  6. Click Add Address.

Import entries from a file

You can import one or more IP access list entries from a JSON file.

Importing entries from a file overrides any existing access list entries.

  1. In the Astra Portal, click Databases, and then select your database.

  2. Click the Settings tab.

  3. In the IP Access List section, click Add Access, and then select Upload from file.

  4. In the Upload list dialog, click Select File.

  5. Select a file on your computer that contains a list of IP access list entries in JSON format.

    You can use the following template to format your file:

    template.json
    {
      "addresses": [
        {
          "address": "192.168.0.1/32",
          "description": "This CIDR allows datacenter B to connect to database A",
          "enabled": true
        },
        {
          "address": "ADDRESS",
          "description": "DESCRIPTION",
          "enabled": false
        },
        {
          "address": "ADDRESS",
          "description": "DESCRIPTION",
          "enabled": false
        }
      ],
      "configurations": {
        "accessListEnabled": true
      }
    }

    When the file finishes uploading, a preview of the entries appears.

  6. Click Import List.
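
Because an import overrides the existing access list, it helps to check the file before uploading it. The following Python script is an added example, not DataStax code: it reviews a file in the template.json layout shown above, expands each CIDR block to its first and last address as described under "Using CIDR notation", and reports whether a given client IP would still be allowed. The `MIN_PREFIX` threshold, the function names, the sample values, and the reading of `"enabled": false` as a disabled entry are assumptions.

```python
import ipaddress
import json

# Constructed sample in the page's template.json layout; all values are made up.
SAMPLE = """{
  "addresses": [
    {"address": "192.168.0.1/32", "description": "datacenter B", "enabled": true},
    {"address": "10.20.0.0/16", "description": "office VPN", "enabled": true},
    {"address": "10.0.0.0/8", "description": "temporary", "enabled": true},
    {"address": "203.0.113.7/24", "description": "typo", "enabled": true},
    {"address": "ADDRESS", "description": "DESCRIPTION", "enabled": false}
  ],
  "configurations": {"accessListEnabled": true}
}"""

MIN_PREFIX = 16  # assumption: local policy; anything wider than /16 is flagged


def cidr_bounds(cidr):
    """First address, last address and size of a CIDR block."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    return str(net[0]), str(net[-1]), net.num_addresses


def review_access_list(text, client_ip=None):
    """Return (findings, client_allowed) for an access list file."""
    findings, allowed = [], []
    for i, entry in enumerate(json.loads(text).get("addresses", [])):
        raw = str(entry.get("address", ""))
        try:
            # strict=True also rejects host bits set below the mask (203.0.113.7/24)
            first, last, size = cidr_bounds(raw)
        except ValueError as exc:
            findings.append(f"entry {i}: {raw!r} is not a clean IPv4 CIDR ({exc})")
            continue
        net = ipaddress.IPv4Network(raw)
        if net.prefixlen < MIN_PREFIX:
            findings.append(f"entry {i}: {net} is broad, {first} to {last} ({size} addresses)")
        # Assumption: "enabled": false matches a disabled entry in the portal.
        if entry.get("enabled") is True:
            allowed.append(net)
        else:
            findings.append(f"entry {i}: {net} is disabled and admits no traffic")
    if not allowed:
        findings.append("no usable enabled entry: with public access restricted, "
                        "every external connection is denied")
    ok = None
    if client_ip is not None:
        ok = any(ipaddress.IPv4Address(client_ip) in net for net in allowed)
    return findings, ok
```

Call `review_access_list(open("template.json").read(), "<your client IP>")` and resolve every finding before you click Import List.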

Import entries from another database

You can import database IP access list entries from another serverless database in your organization.

Importing entries from another database overrides any existing access list entries.

  1. In the Astra Portal, click Databases, and then select your database.

  2. Click the Settings tab.

  3. In the IP Access List section, click Add Access, and then select Import from database.

  4. In the Import from database dialog, select another serverless database in your organization that has the IP access list entries that you want to apply to your current database.

    After selecting a database, a preview of the entries appears.

  5. Click Import List.

Edit IP access list entries

  1. In the Astra Portal, click Databases, and then select your database.

  2. Click the Settings tab.

  3. In the IP Access List section, find the entry you want to edit, click More Options, and then select Edit.

  4. In the Add Access dialog, you can edit the Description.

  5. Click Update Address to save your changes.

Disable or delete IP access list entries

When you disable or delete an entry from the IP access list, it can take a few minutes for your database to reject new traffic from that address. Existing connections may remain open for an indefinite amount of time, depending on application behavior and how the connection was established.

  1. In the Astra Portal, click Databases, and then select your database.

  2. Click the Settings tab.

  3. In the IP Access List section, find the entry you want to disable or delete, click More Options, and then select either Disable or Delete.

  4. In the confirmation dialog, click Disable or Delete.

© 2024 DataStax | Privacy policy | Terms of use
