Configure Allowed IP Addresses

    +
    Before a cluster can connect to a client, you must add that client’s IP address to the cluster’s list of allowed IP addresses.

    Overview

    Couchbase Capella only allows clusters to connect to trusted IP addresses. Each cluster has a configurable list of allowed IPs that it can connect to. Any connection attempts to and from an IP address that isn’t in a cluster’s list of allowed IPs are denied.

    Allowed IPs are configured per cluster and can be configured for a single address or an address space. Allowed IPs can also be made temporary with user-specified expiration times.

    Accessing Allowed IPs in the Capella UI

    Allowed IP addresses can be viewed by all project roles, but only those users with the Project Owner or Cluster Manager roles can configure them.

    Users with the Organization Owner role automatically have the Project Owner role for all projects in their organization, so they can also configure allowed IPs.

    Allowed IPs can be viewed and managed by going to a cluster’s Connect tab and clicking Manage Allowed IP. The Allowed IP summary lists all existing allowed IPs on the cluster and provides controls to manage them.

    The 'Allowed IP' summary showing multiple existing allowed IPs.

    This Allowed IP summary displays the following information about each IP:

    IP Address/CIDR block

    The allowed IP address or address space.

    Status

    The current status of the allowed IP, which can include the following:

    • Active: The allowed IP address is active. An IP with this status can connect to and from the current cluster.

    • Pending: The allowed IP address is not yet active. An IP with this status is in the process of becoming active.

    • Failed: The allowed IP address is in a failed state. An IP with this status failed to activate and needs to be deleted and recreated.

    • Expired: The allowed IP address was configured as temporary and has expired. An IP with this status is currently disallowed and needs to be deleted and recreated to be allowed again.

    Expiration

    The expiration date and time of a temporary allowed IP.

    Type

    The type of allowed IP, which is either Temporary or Permanent.

    Comment

    The comment included with the allowed IP. If a comment exists for an allowed IP, a small comment icon is shown here. Hovering your mouse over this icon will reveal the text of the comment in a tooltip.

    A Trash icon displayed at the end of each row can delete an allowed IP.

    Add an Allowed IP Address

    To add an IP address to a cluster’s list of allowed IPs, you must have the Project Owner or Cluster Manager role for the project containing the cluster you are allowing the IP for.

    1. Go to the cluster’s Connect tab.

      1. Go to the Clusters tab in the main navigation.

      2. Find and click on the cluster that you wish to add an allowed IP to.

        This opens the cluster with its Metrics tab selected.

      3. Click the Connect tab.

    2. Click Manage Allowed IP.

      This opens the Allowed IP summary list.

    3. Click Add Allowed IP.

      This opens the Add Allows IP fly-out menu.

    4. Add information about the allowed IP or address space.

      1. Choose if the IP or address space is a temporary or permanent IP.

        Click on the Add Temporary IP or Add Permanent IP card. Temporary IPs are useful for development purposes and testing as they automatically expire after a duration that you specify. Permanent IPs are retained until you delete them.

      2. Specify the IP address or address space.

        In the IP Address/CIDR field, enter the IP or address space that you want to allow the cluster to communicate with.

        Clicking Add My IP will automatically fill in this field with the IP address your computer is using to communicate with Couchbase Capella.
      3. (Temporary IP Only) Configure how long you want this allowed IP address to be retained.

        Use the Hours/Days drop-down menu to choose if you want to keep this allowed IP for hours or days. Use the associated Time to Retain field to enter the number of hours or days you want the cluster to accept connections from the IP address. After the configured duration of time has elapsed, the entry will expire, and the cluster will stop taking connections from the IP address.

        A temporary IP must have a minimum retention period of one hour or one day.
      4. (Optional) Add a comment.

        Use the Comment field to enter a comment that will become available alongside the allowed IP address. This can help inform other users in your organization about why the IP address is being allowed.

        Comments cannot exceed 128 characters.
    5. Once you’re satisfied with the configuration, click Add IP.

      You can repeat the above steps to add more IPs as desired.

    Note that it takes a few minutes for the cluster to begin honoring newly allowed IPs. If you try to immediately connect to the cluster from a newly allowed IP, your connection may be blocked.

    Modify an Allowed IP Address

    At this time, you cannot modify an existing allowed IP address. Instead, you’ll need to delete the allowed IP and add it again with the desired configuration changes.

    Delete an Allowed IP Address

    To delete an IP address from a cluster’s list of allowed IPs, you need the Project Owner or Cluster Manager roles for the project containing the cluster from which you are deleting the allowed IP.

    1. Go to the cluster’s Connect tab.

      1. Go to the Clusters tab in the main navigation.

      2. Find and click on the cluster that you wish to add an allowed IP to.

        This opens the cluster with its Metrics tab selected.

      3. Click the Connect tab.

    2. In the Allowed IP summary list, click the Trash icon on the row of the IP that you want to delete from the list.

      This opens the Delete IP fly-out menu.

    3. Confirm deleting the IP.

      1. Verify that the IP you chose is the one you want to delete from the allowed list.

      2. Type delete into the provided field.

      3. Click Delete to remove the allowed IP from the cluster.

        When you delete an allowed IP, it can take a few minutes for the cluster to begin rejecting traffic from that address.