ContextQMD
Back to Redis

Cidr Whitelist

content/operate/rc/security/cidr-whitelist.md

latest2.3 KB
Original Source

The CIDR allow list lets you restrict traffic to your Redis Cloud database. When you configure an allow list, only the IP addresses defined in the list can connect to the database. Traffic from all other IP addresses is blocked.

{{< note >}} To use the CIDR allow list, you must be on either paid Redis Cloud Essentials or on Redis Cloud Pro. This feature is not supported on free Redis Cloud Essentials plans. {{< /note >}}

Define CIDR allow list

To define the CIDR allow list for a database:

  1. Select Databases from the Redis Cloud console menu and then select your database from the list.

  2. From the database's Configuration screen, select the Edit database button.

  3. In the Security section, turn on the CIDR allow list toggle.

  4. Enter the first IP address (in CIDR format) you want to allow in the text box and then select the check mark to add it to the allow list:

    {{<image filename="images/rc/database-details-configuration-tab-security-cidr-allowlist-add-first-ip.png" width="80%" alt="Add the first IP address to the CIDR allow list." >}}

  5. To allow additional IP addresses:

    1. Select Add CIDR.

    2. Enter the new IP address in the text box and then select check to add it to the allow list.

      {{<image filename="images/rc/database-details-configuration-tab-security-cidr-allowlist-add-more-ips.png" width="80%" alt="Add a new IP address to the CIDR allow list." >}}

    The number of CIDR allow list entries that you can add is based on your Redis Cloud plan. Redis Cloud Essentials plans can have between 4 and 32 entries depending on the plan. Redis Cloud Pro plans can have up to 32 entries.

  6. Select Save database to apply your changes.

{{< note >}} The database CIDR allow list applies to both the public endpoint and the private endpoint. If you use connectivity options such as [VPC Peering]({{< relref "/operate/rc/security/vpc-peering" >}}) and [Transit Gateway]({{< relref "/operate/rc/security/aws-transit-gateway" >}}) to connect to your database via the private endpoint, you must also add those IPs to your database's CIDR allow list. {{< /note >}}

Continue learning with Redis University

{{< university-links >}}