Use access lists to limit what public endpoints are able to access your database.You can choose to restrict access in one of two ways:
- Restrict access to specific IP addresses
- Restrict access to a range of IP addresses using https://en.wikipedia.org/wiki/ClasslessInter-DomainRouting[Classless Inter-Domain Routing (CIDR)]
When Access List is configured and active, access to these endpoints is restricted:
- CQL, GraphQL, and REST
- GraphQL Playground
- Swagger
- CQLsh
This information applies to only serverless databases.
You can also manage your access list using the DevOps API.
If you are using the access list and restricting public access, these restrictions exclude the Astra internal site reliability controls.
Only Organization and Database Administrators for the database have permissions to manage the access list.
By default, public access to your database is not restricted. Access to your database is possible via public internet.
- In your database Settings, select the toggle to restrict public access.
- Confirm your selection to Restrict Public Access.
Until you add an address to your access list, public access is still available.
- Ensure public access is restricted.
- Select Add Access.
- Select Add new endpoint.
- Select IP Address or CIDR from the Type menu.
- Enter the IP address or CIDR into the Address field.
- Optional: Add a description for the address you are adding. For example, office or home .
- Select Add to add the address to the access list.
It takes approximately five minutes for each address to sync and have access.
Upload list of endpoints
- Ensure public access is restricted.
- Select Add Access.
- Select Upload from file.
- Use the Select File button to find the JSON file with your access list to upload.
- Select Import to add the addresses to your access list.
You can import an access list from another Astra database. If you do not have another active Astra database, this option will not be available.
- Ensure public access is restricted.
- Select Add Access.
- Select Import from database.
- Select the active Astra database from which you want to import the addresses.
- Select Import to add the addresses to your access list.
- Select the overflow menu for the address you want to enable or disable.
- Select Enable or Disable.
- Confirm your selection to Enable or Disable the endpoint.
Your access list remains active, even if all endpoints are disabled. If you want to allow public access, you must select the toggle to stop restricting public access.
If you remove all of the addresses on your access list, your database will be accessible from the public internet, even if Restrict public access is selected.
- Select the overflow menu for the address you want to remove.
- Select Delete.
- Confirm your selection to Delete the endpoint.
It takes approximately five minutes for each address to sync and be removed from the access list.
If you stop restricting public access, access to your database is possible via public internet.
- Select the toggle to stop restricting public access.
- Confirm your selection to Enable public access.