Add Entries to the Whitelist

Atlas only allows client connections to the cluster from entries in the project’s whitelist. Each entry is either a single IP address or a CIDR-notated range of addresses. For AWS clusters with one or more VPC Peering connections to the same AWS region, you can specify a Security Group associated with a peered VPC.

For Atlas clusters deployed on Google Cloud Platform or Microsoft Azure, add the IP addresses of your GCP or Azure services to the Atlas project IP whitelist to grant those services access to the cluster.

The whitelist applies to all clusters in the project and can have up to 200 whitelist entries, with the following exception: projects with an existing sharded cluster created before August 25th, 2017 can have up to 100 whitelist entries.

To add an entry to the whitelist, from the Clusters view, select the Security tab, then click IP Whitelist, then Add IP Address. Atlas supports creating temporary whitelist entries that automatically expire within a user-configurable 7-day period.

Note

You cannot set AWS security groups as temporary whitelist entries.

Atlas audits the creation, deletion, and updates of IP whitelist entries in the project’s Activity Feed. Atlas audits actions pertaining to both temporary and non-temporary entries. To view the project’s Activity Feed, click Alerts in the left navigation pane and select the All Activity tab. For more information on the project Activity Feed, see View All Activity.

Note

Atlas does not report updates to a whitelist entry’s comment in the Activity Feed.

When you modify the address of a whitelist entry, the Activity Feed reports two new activities: one for the deletion of the old entry and one for the creation of the new entry.

Add Whitelist Entries

1

Go to IP Whitelist view.

From the Clusters view, select the Security tab, then IP Whitelist.

Click Add IP Address.

2

Enter an IP address, CIDR block, or Security Group ID.

Important

Ensure that you add the IP address you will use to access MongoDB as the admin user.

Enter the desired IP address or CIDR-notated range of addresses:

Entry: An IP address
Grants: Access from that address.

Entry: A CIDR-notated range of IP addresses
Grants: Access from the designated range of addresses. For peer VPC connections, you can specify the CIDR block (or a subset) or the associated Security Group. Online tools are available for converting a range of IP addresses to CIDR notation, such as http://www.ipaddressguide.com/cidr.

Entry: Security Group ID (AWS Only)
Grants: Access via Security Group membership from a peered VPC.

Important

Atlas does not support security group whitelisting in projects with VPC peering connections in multiple regions.

3

(Optional) Set the whitelist as temporary.

Check the Save as temporary whitelist option to specify a length of time that the IP address will be whitelisted, after which Atlas will remove the address from the whitelist. You can select one of the following time periods for the address to be whitelisted:

  • 6 hours
  • 1 day
  • 1 week

In the IP Whitelist view, temporary whitelist entries display the time remaining until the address will expire. Once the IP address expires and is deleted, any client or application attempting to connect to the cluster from the address will no longer be able to access the cluster.

4

Click Save and Close.

You can also add entries to the whitelist through the Atlas API. See Add Entries to Project IP Whitelist.
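The entry types and the 200-entry limit described above can be checked locally before anything is entered in the IP Whitelist view. The following is an added example, not Atlas code: it converts an address range to CIDR blocks with Python's standard ipaddress module and reviews a proposed list of entries. The function names, the security group ID pattern, and the /24 width threshold are assumptions made for illustration.

```python
import ipaddress
import re

MAX_ENTRIES = 200  # project limit stated on this page
# Assumed shape of an AWS security group ID: "sg-" plus 8 or 17 hex digits.
SG_ID = re.compile(r"^sg-(?:[0-9a-f]{8}|[0-9a-f]{17})$")

def range_to_cidrs(first, last):
    """Smallest list of CIDR blocks covering first..last inclusive."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(n) for n in nets]

def classify_entry(entry):
    """Return ('ip' | 'cidr' | 'security_group', normalized value)."""
    entry = entry.strip()
    if SG_ID.match(entry):
        return "security_group", entry
    if "/" in entry:
        # strict=True rejects blocks with host bits set, e.g. 10.0.0.5/24
        return "cidr", str(ipaddress.ip_network(entry, strict=True))
    return "ip", str(ipaddress.ip_address(entry))

def review(entries, min_prefix=24):
    """Return (entry, problem) pairs; min_prefix is an assumed IPv4 policy."""
    findings = []
    if len(entries) > MAX_ENTRIES:
        findings.append(("*", f"{len(entries)} entries exceeds {MAX_ENTRIES}"))
    for e in entries:
        try:
            kind, value = classify_entry(e)
        except ValueError as err:
            findings.append((e, f"invalid: {err}"))
            continue
        if kind == "cidr":
            net = ipaddress.ip_network(value)
            if net.prefixlen == 0:
                findings.append((e, "allows every address"))
            elif net.version == 4 and net.prefixlen < min_prefix:
                findings.append((e, f"wider than /{min_prefix}"))
    return findings

# Constructed sample input (reserved documentation and test ranges).
SAMPLE = ["203.0.113.10", "198.51.100.0/24", "0.0.0.0/0",
          "10.0.0.5/24", "sg-0123456789abcdef0", "198.18.0.0/16"]

if __name__ == "__main__":
    print(range_to_cidrs("203.0.113.5", "203.0.113.20"))
    print(review(SAMPLE))
```

A range that does not align to a power-of-two boundary expands to several blocks, each of which counts as a separate whitelist entry.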

Modify Whitelist Entries

1

Go to IP Whitelist view.

From the Clusters view, select the Security tab, then IP Whitelist.

2

Edit the target whitelist entry.

Click Edit for the entry you want to modify.

You can modify the IP address / CIDR block of the entry and the comment associated with the entry. If the entry is temporarily whitelisted, Atlas displays the remaining time until it will remove the entry and a dropdown to modify the duration of the whitelist or convert it to a permanent entry.

Note

You cannot modify a permanent whitelist entry to be temporary.

3

Click Confirm to save the changes.

You can also modify existing whitelist entries through the Atlas API. See Update an Entry in the Project IP Whitelist.

Delete Whitelist Entries

Important

When you remove an IP address from the whitelist, existing connections from the removed address may remain open for a variable amount of time. How much time passes before Atlas closes the connection depends on several factors, including how the connection was established, the particular behavior of the application or driver using the address, and the connection protocol (e.g., TCP or UDP).

1

Go to IP Whitelist view.

From the Clusters view, select the Security tab, then IP Whitelist.

2

Click Delete for the desired entry.

3

Click Delete again to confirm.

You can also delete existing whitelist entries through the Atlas API. See Delete an Entry from the Project IP Whitelist.