Configure Allowed IP Addresses

  • Capella Operational
      +
      Before a cluster can connect to a client, you must add the client’s IP address to the cluster’s Allowed IP list.

      Overview

      Couchbase Capella only allows clusters to connect to trusted IP addresses. Each cluster has a configurable Allowed IP list that can include up to 75 entries. Each entry can be a single IP address or an IP address space. Any IP address you add to this list can have a user-specified expiration time for temporary access or be permanent. Capella automatically denies any connection attempts to and from an IP not in the allowed IP list.

      Prerequisites

      You must have the Organization Owner, Project Owner, or Project Manager role to view or update the list of allowed IP addresses. See Project Roles.

      Accessing Allowed IPs in the Capella UI

      Allowed IPs can be viewed and managed from the cluster maintenance page:

      1. Select the project containing the cluster from the project list.

      2. Select the cluster you wish to examine from the Operational Clusters screen.

      3. Select the Settings tab, then Networking from the left-hand menu.

      This Allowed IP summary displays the following information about each IP:

      IP Address/CIDR block

      The allowed IP address or address space.

      Status

      The current status of the allowed IP, which can include the following:

      • Active: The allowed IP address is active. An IP with this status can connect to and from the current cluster.

      • Pending: The allowed IP address is not yet active. An IP with this status is in the process of becoming active.

      • Failed: The allowed IP address is in a failed state. An IP with this status failed to activate and needs to be deleted and recreated.

      • Expired: The allowed IP address was configured as temporary and has expired. An IP with this status is currently disallowed and needs to be deleted and recreated to be allowed again.

      Expiration

      The expiration date and time of a temporary allowed IP.

      Type

      The type of allowed IP, which is either Temporary or Permanent.

      Comment

      The comment included with the allowed IP. If a comment exists for an allowed IP, a small comment icon appears here. Move your cursor over this icon to reveal the text of the comment in a tooltip.

      A Trash icon displayed at the end of each row can delete an allowed IP.

      Add an Allowed IP Address

      1. Select the project containing the cluster from the project list.

      2. Select the cluster you wish to examine from the Operational Clusters screen.

      3. Select the Settings tab, then Networking from the left-hand menu.

      4. Click Allowed IP Addresses.

      5. Click Add Allowed IP.

      6. Add information about the allowed IP or address space.

        1. Specify the IP address or address space.

          • Click Add Current IP Address to populate the Allowed IP / CIDR Block field with your IP address.

          • Click Allow Access from Anywhere to allow any IP address to connect to your cluster.

          • Enter an IP address or IP address range in CIDR notation in the Allowed IP / CIDR Block field.

        2. Configure how long you want this allowed IP address to be retained.

          Use the Hours/Days drop-down menu to choose if you want to keep this allowed IP for hours or days. Use the associated Time to Retain field to enter the number of hours or days you want the cluster to accept connections from the IP address.

          After the configured duration of time has elapsed, the entry expires, and the cluster stops taking connections from the IP address.
        3. (Optional) Add a comment.

          Use the Comment field to enter a comment that appears alongside the allowed IP address. This can help inform other users in your organization about why the IP address is being allowed.

          Comments cannot exceed 128 characters.
      7. Once you’re satisfied with the configuration, click Add Allowed IP.

        Repeat these steps to add more IPs as desired.

      It takes a few minutes for the cluster to begin honoring newly allowed IPs. If you try to immediately connect to the cluster from a newly allowed IP, your connection may be blocked.

      Modify an Allowed IP Address

      At this time, you cannot modify an existing allowed IP address. Instead, you’ll need to delete the allowed IP and add it again with the desired configuration changes.

      Delete an Allowed IP Address

      1. Select the project containing the cluster from the project list.

      2. Select the cluster you wish to examine from the Operational Clusters screen.

      3. Select the Settings tab, then Networking from the left-hand menu.

      4. From the list of allowed IPs, click on the trashcan icon for the IP address you want to delete.

      5. Verify that the IP you chose is the one you want to delete from the allowed list.

      6. Type delete into the provided field.

      7. Click Delete Allowed IP to remove the allowed IP from the cluster.

        When you delete an allowed IP, it can take a few minutes for the cluster to begin rejecting traffic from that address.