Configure Allowed IP Addresses

      +
      Before a database can connect to a client, you must add the client’s IP address to the database’s Allowed IP list.

      Overview

      Couchbase Capella only allows databases to connect to trusted IP addresses. Each database has a configurable Allowed IP list that can include up to 75 entries. Each entry can be a single IP address or an IP address space. Any IP address you add to this list can have a user-specified expiration time for temporary access or be permanent. Capella automatically denies any connection attempts to and from an IP not in the allowed IP list.

      Accessing Allowed IPs in the Capella UI

      Allowed IP addresses can be viewed by all project roles, but only those users with the Project Owner or Database Manager roles can configure them.

      Users with the Organization Owner role automatically have the Project Owner role for all projects in their organization, so they can also configure allowed IPs.

      Allowed IPs can be viewed and managed from the database maintenance page:

      1. Select the project containing the database from the project list.

      2. Select the database you wish to examine from the Your Databases screen.

      3. Select the Settings tab, then Networking from the left-hand menu.

      This Allowed IP summary displays the following information about each IP:

      IP Address/CIDR block

      The allowed IP address or address space.

      Status

      The current status of the allowed IP, which can include the following:

      • Active: The allowed IP address is active. An IP with this status can connect to and from the current database.

      • Pending: The allowed IP address is not yet active. An IP with this status is in the process of becoming active.

      • Failed: The allowed IP address is in a failed state. An IP with this status failed to activate and needs to be deleted and recreated.

      • Expired: The allowed IP address was configured as temporary and has expired. An IP with this status is currently disallowed and needs to be deleted and recreated to be allowed again.

      Expiration

      The expiration date and time of a temporary allowed IP.

      Type

      The type of allowed IP, which is either Temporary or Permanent.

      Comment

      The comment included with the allowed IP. If a comment exists for an allowed IP, a small comment icon is shown here. Hovering your mouse over this icon will reveal the text of the comment in a tooltip.

      A Trash icon displayed at the end of each row can delete an allowed IP.

      Add an Allowed IP Address

      To add an IP address to a database’s list of up to 75 allowed IPs, you must have the Project Owner or Database Manager role for the project containing the database you are allowing the IP for.

      1. Select the project containing the database from the project list.

      2. Select the database you wish to examine from the Your Databases screen.

      3. Select the Settings tab, then Networking from the left-hand menu.

      4. Click Manage Allowed IP.

        This opens the Allowed IP summary list.

      5. Click Add Allowed IP.

        This opens the Add Allows IP page.

      6. Add information about the allowed IP or address space.

        1. Choose if the IP or address space is a temporary or permanent IP.

          Click on the Add Temporary IP or Add Permanent IP card. Temporary IPs are useful for development purposes and testing as they automatically expire after a duration that you specify. Permanent IPs are retained until you delete them.

        2. Specify the IP address or address space.

          In the IP Address/CIDR field, enter the IP or address space that you want to allow the database to communicate with.

          Clicking Add My IP will automatically fill in this field with the IP address your computer is using to communicate with Couchbase Capella.
        3. (Temporary IP Only) Configure how long you want this allowed IP address to be retained.

          Use the Hours/Days drop-down menu to choose if you want to keep this allowed IP for hours or days. Use the associated Time to Retain field to enter the number of hours or days you want the database to accept connections from the IP address. After the configured duration of time has elapsed, the entry will expire, and the database will stop taking connections from the IP address.

          A temporary IP must have a minimum retention period of one hour or one day.
        4. (Optional) Add a comment.

          Use the Comment field to enter a comment that will become available alongside the allowed IP address. This can help inform other users in your organization about why the IP address is being allowed.

          Comments cannot exceed 128 characters.
      7. Once you’re satisfied with the configuration, click Add IP.

        You can repeat the above steps to add more IPs as desired.

      Note that it takes a few minutes for the database to begin honoring newly allowed IPs. If you try to immediately connect to the database from a newly allowed IP, your connection may be blocked.

      Modify an Allowed IP Address

      At this time, you cannot modify an existing allowed IP address. Instead, you’ll need to delete the allowed IP and add it again with the desired configuration changes.

      Delete an Allowed IP Address

      To delete an IP address from a database’s list of allowed IPs, you need the Project Owner or Database Manager roles for the project containing the database from which you are deleting the allowed IP.

      1. Select the project containing the database from the project list.

      2. Select the database you wish to examine from the Your Databases screen.

      3. Select the Settings tab, then Networking from the left-hand menu.

      4. From the list of allowed IPs, click on the trashcan icon for the IP address you wish to delete.

      5. Verify that the IP you chose is the one you want to delete from the allowed list.

      6. Type delete into the provided field.

      7. Click Delete to remove the allowed IP from the database.

        When you delete an allowed IP, it can take a few minutes for the database to begin rejecting traffic from that address.