Krithika Balagurunathan

Security and governance are top priorities for enterprises that adopt cloud-first initiatives. <a href="https://www.datastax.com/products/datastax-astra">DataStax Astra DB</a>, the multi-cloud database-as-a-service (DBaaS) built on Apache Cassandra™, can be a perfect complement to your cloud strategy: it’s cloud native, autoscales, and lowers your total cost of ownership (TCO). DBaaS offerings are held to a higher standard than many other cloud services because they manage an enterprise’s most precious asset: data.&nbsp;

Role-based access management restricts access by user or client application, but many enterprises need a stronger security posture. They need to restrict network access to safe IP addresses—especially in the new world of remote and distributed work. IP Access List is indicative of our continuous innovation in Astra DB, building upon security features such as end-to-end encryption including encryption on the wire with mTLS , VPC peering, SOC 2 compliance, and more.&nbsp;

Astra DB’s IP Access List addresses these concerns by enabling users to custom configure IPs and CIDR blocks that can access Astra DB hosted resources, including REST, GraphQL, Swagger, and CQLsh. This lets enterprises restrict access from select office and home networks. Optionally, if using peered networks, public endpoints can be turned off to remove access over the public internet. IP Access List, when combined with other Astra DB features such as Role-Based Access Control (RBAC) and your organization’s internal controls, enable a robust security practice.

<img alt="IP Access list diagram" data-entity-type="file" data-entity-uuid="4e6ccd44-254a-413c-b690-9406343dba84" src="https://www.datastax.com/sites/default/files/inline-images/ip-access-list-diagram.png" />

This addresses two popular use cases:&nbsp;

<ul>
	<li>Enterprises can set up access such that all database operations can be performed by the user only when on the secure corporate network; if the user attempts access from outside the perimeter, all access is blocked for the user.&nbsp;</li>
	<li>IP Access List also addresses use cases&nbsp;where access to data must be restricted to certain countries to adhere to compliance regulations.</li>
</ul>

This feature also addresses use cases that require the ability to turn off all public access when using network peering

Getting started with IP Access List

To restrict access, start by logging in to <a href="http://astra.datastax.com">astra.datastax.com</a>.&nbsp;

<ul>
	<li>From the dashboard, select the database that you want to restrict access to and navigate to the settings page to configure your IP Access List</li>
</ul>

<img alt="IP access list" data-entity-type="file" data-entity-uuid="8cb4ebd2-6ccb-4fdf-b3e0-9cb00330a403" src="https://www.datastax.com/sites/default/files/inline-images/ip-access-list-1.png" />

By default all endpoints are open to public access.

<img alt="IP access list 2" data-entity-type="file" data-entity-uuid="72e90c7d-467c-41fe-a4b0-225bd3e9d423" src="https://www.datastax.com/sites/default/files/inline-images/ip-access-list-2.png" />

Access can restricted using one of the below options:

Turn off public access entirely:

<img alt="IP access 3" data-entity-type="file" data-entity-uuid="c0a3bd1a-afff-4d85-81ee-e611be5011b2" src="https://www.datastax.com/sites/default/files/inline-images/ip-access-list-3.png" />

Selectively allow IP/CIDR for access:

<img alt="IP access 4" data-entity-type="file" data-entity-uuid="871e1b07-5adb-4fdc-940e-39159964eed2" src="https://www.datastax.com/sites/default/files/inline-images/ip-access-list-4.png" />

<img alt="IP Access list 5" data-entity-type="file" data-entity-uuid="11d709fa-9d0e-4232-95cb-8db031e1b4d5" src="https://www.datastax.com/sites/default/files/inline-images/ip-access-list-5_0.png" />

Once an IP or a CIDR block is added to the table and the toggle is set to “Restrict public access,” all other IPs are blocked. After that step is completed, the below endpoints are restricted for access:

<ul>
	<li>CQL</li>
	<li>REST&nbsp;</li>
	<li>GraphQL playground</li>
	<li>Swagger</li>
	<li>CQLsh</li>
</ul>

In addition to the Astra DB UI workflow, IP Access List can be configured using the <a href="https://docs.datastax.com/en/astra/docs/manage-database-with-service-account.html">Astra DevOps API</a>.

For more detailed information on IP Access List, please review the <a href="https://docs.datastax.com/en/astra/docs/db-access-list.html">Astra DB documentation</a>.&nbsp;

Astra DB is the fastest and easiest way to spin up secure Cassandra clusters. If you’re not using Astra DB, get started without a credit card by registering for an account at <a href="https://astra.datastax.com/register">https://astra.datastax.com/register</a> and use your Google or GitHub account to sign in (you can also sign up using your email address). For feedback and comments, reach out to <a href="mailto:astra-pm@datastax.com">astra-pm@datastax.com</a>.&nbsp;&nbsp;

Build and scale cloud native apps

Discover the benefits of DBaaS and why your apps deserve an upgrade.

Learn about NoSQL Databases

Learn about NoSQL databases with Apache Cassandra and Astra DB.

2022 Recap: A Year for Customers, Community, and Real-Time Data

Highlights from 2022 and a glimpse into the year ahead.

ViewingCompany

Protect Your Database in a Distributed World with IP Access List

Sign up for our Developer Newsletter