Configure Allowed IP Addresses

    +
    Before a cluster can connect to a client, you must add that client’s IP address to the cluster’s list of allowed IP addresses.

    Overview

    Couchbase Cloud only allows clusters to connect to trusted IP addresses. Each cluster has a configurable list of allowed IPs that it can connect to. Any attempted connection to/from an IP address that isn’t in a cluster’s list of allowed IPs will be denied.

    Allowed IPs are configured per-cluster, and can be configured for a single address or an address space. Allowed IPs can also be made temporary with user-specified expiration times.

    Reserved IP Addresses

    Couchbase Cloud automatically allows a certain number of reserved IP addresses on every cluster. These IP addresses are reserved exclusively for communication with the Couchbase Cloud Control Plane for the purposes of managing the cluster. These IPs cannot be modified or disallowed.

    You can view which reserved IPs are currently being allowed on a cluster by going to the Allowed IPs fly-out menu that is described in the next section.

    Accessing Allowed IPs in the Couchbase Cloud UI

    Allowed IPs can be viewed by any user with Project View privileges for the project that contains the cluster. However, allowed IPs can only be managed by users with Project Edit privileges.

    Allowed IPs can be viewed and managed by going to a cluster’s Connect tab and clicking Allowed IPs. The Allowed IPs fly-out menu displays controls for configuring an allowed IP, and includes a summary of all existing allowed IPs on the cluster.

    The 'Allowed IPs' fly-out menu showing multiple existing IPs in the 'Allowed IPs' section.

    The Allow an IP section of the fly-out menu contains the controls that you use to add an allowed IP.

    The Allowed IPs section of the fly-out menu displays a summary of all the existing allowed IPs that are configured on the cluster. Each row in the summary displays the following information:

    • The allowed IP address or address space

    • The status of the IP address

      Allowed IPs can have the following statuses:

      • Pending: The allowed IP address is not yet active. An IP with this status either needs to be saved, or is in the process of becoming active.

      • Permanent: The allowed IP address is permanently active and will not expire. An IP with this status can only become disallowed by deleting it.

      • Expires in *: The allowed IP address is temporarily active. An IP with this status will become disallowed either after the configured amount of time elapses, or when it is deleted, whichever happens first.

      • Expired: The allowed IP address was originally configured as temporary, and is now expired. An IP with this status is currently disallowed, and needs to be deleted and recreated in order to be allowed again.

    • A Trash icon for deleting the allowed IP

    You can click on any allowed IP address entry to expand it and view additional details.

    At the bottom of the Allowed IPs section, a list of the reserved IPs that are currently being allowed on the cluster is displayed.

    Add an Allowed IP Address

    To add an IP address to a cluster’s list of allowed IPs, you must have Project Edit privileges for the project that contains the cluster on which you are allowing the IP.

    1. Go to the cluster’s Connect tab.

      1. Go to the Clusters tab in the main navigation.

      2. Find and click on the cluster that you wish to add an allowed IP to.

        This opens the cluster with its Overview tab selected.

      3. Click the Connect tab.

    2. Click Allowed IPs.

      This opens the Allowed IPs fly-out menu.

    3. Add the IP address configuration.

      In the Allow an IP section, configure the following details:

      1. Specify the IP address or address space.

        In the IP Address or Address Space field, enter the IP address or address space that you want to allow the cluster to communicate with.

      2. (Optional) Configure the allowed IP to be temporary.

        Select the checkbox labeled Save as temporary to configure the IP address to only be allowed for a limited amount of time. Use the associated field and controls to specify the duration (number of hours) that the cluster will accept connections from the IP address. After the configured amount of time has elapsed, the entry will expire and the cluster will stop taking connections from the IP address.

      3. (Optional) Add a comment.

        Use the Comment field to enter a comment that will display alongside the allowed IP address. This can be helpful for informing other users in your organization about why the IP address is being allowed.

      Once you’re satisfied with the configuration, click Add IP.

      You can repeat the above steps to add additional IPs as desired. Just note that each IP is added in Pending state, and are not committed until you complete the next step.

    4. After you add the IP configuration(s), click Save to commit them.

      This saves all IPs that are in a pending state and makes them active. Note that it takes a few minutes for the cluster to begin honoring newly allowed IPs. If you try to immediately connect to the cluster from a newly allowed IP, your connection may be blocked.

    Modify an Allowed IP Address

    At this time, you cannot directly modify an existing allowed IP address. Instead, you’ll need to delete the allowed IP and then add it back again with the desired configuration changes.

    Delete an Allowed IP Address

    To delete an IP address from a cluster’s list of allowed IPs, you must have Project Edit privileges for the project that contains the cluster on which you are deleting the allowed IP.

    1. Go to the cluster’s Connect tab.

      1. Go to the Clusters tab in the main navigation.

      2. Find and click on the cluster that you wish to delete the allowed IP from.

        This opens the cluster with its Overview tab selected.

      3. Click the Connect tab.

    2. Click Allowed IPs.

      This opens the Allowed IPs fly-out menu.

    3. In the Allowed IPs section, click the Trash icon next to the IP that you wish to delete from the list.

      You can delete multiple allowed IPs as desired. Just note that even though the entries disappear from the list, the IP addresses are not actually removed until you complete the next step.

    4. Click Save to completely remove the allowed IPs from the cluster.

      Just like when you add an IP to the cluster’s list of allowed IPs, when you delete an allowed IP, it takes a few minutes for the cluster to begin rejecting traffic from that address.