Restrict network access to services
Restrict access to your Aiven-managed service to a single IP, an address block, or any combination of both.
By default, a connection to an Aiven service can be established from any IP address. To restrict access, you can use the IP filtering capability, which allows you to filter traffic incoming to your services by specifying allowed IP addresses or network ranges.
If your service is within a VPC, the VPC configuration filters incoming traffic before the IP filter is applied.
By default, the IP filter is set to 0.0.0.0/0, which allows all inbound connections. If you remove 0.0.0.0/0 without adding networks or addresses used by clients, no client can connect to your service.
To access a non-publicly-accessible service from another service, use a service integration.
Restrict access
- Log in to the Aiven Console, and select the service to restrict access to.
- On the Overview page of your service, select Service settings.
- On the Service settings page, in the Cloud and network section:
  - Set the IP filter for the first time:
    - Click Actions > Set IP address allowlist.
    - In the Allowed inbound IP addresses window, remove 0.0.0.0/0 and enter an IP address or address block using the CIDR notation, for example 10.20.0.0/16.
  - Edit the IP filter after the first setup change:
    - Click Actions > Edit IP address allowlist.
    - In the Allowed inbound IP addresses window, enter an IP address or address block using the CIDR notation, for example 10.20.0.0/16.
- To add more IP addresses or ranges, click Add IP address range.
- Select Save changes.
Now your service can be accessed from the specified IP addresses only.
You can also use the dedicated service update function to create or update the IP filter for your service via the Aiven CLI.
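Before saving a new allowlist, it helps to confirm that every entry is valid CIDR and that the addresses your clients connect from are still covered, so that removing 0.0.0.0/0 does not lock them out. The following Python check is an added example and not part of Aiven's tooling; the function name check_allowlist and all sample addresses are constructed for illustration.

```python
import ipaddress


def check_allowlist(entries, client_ips):
    """Validate a proposed IP filter before it is saved.

    entries: strings intended for the allowlist (single IPs or CIDR blocks).
    client_ips: addresses of clients that must keep access (assumed known).
    Returns (networks, problems); an empty problems list means no issue found.
    """
    networks, problems = [], []
    for entry in entries:
        try:
            # strict=True rejects blocks with host bits set, e.g. 10.20.0.5/16.
            # A bare address such as 203.0.113.7 is parsed as a /32.
            net = ipaddress.ip_network(entry.strip(), strict=True)
        except ValueError as exc:
            problems.append(f"invalid entry {entry!r}: {exc}")
            continue
        if net.prefixlen == 0:
            # 0.0.0.0/0 is the default filter: every source address matches.
            problems.append(f"{net} allows all inbound connections")
        networks.append(net)

    if not networks:
        problems.append("no valid entries: no client can connect")

    for ip in client_ips:
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in networks):
            problems.append(
                f"client {addr} is not covered and would be locked out"
            )
    return networks, problems


if __name__ == "__main__":
    # Constructed sample data: proposed allowlist and known client addresses.
    proposed = ["10.20.0.0/16", "203.0.113.7"]
    clients = ["10.20.4.9", "198.51.100.23"]
    nets, issues = check_allowlist(proposed, clients)
    print("allowlist:", ", ".join(str(n) for n in nets))
    for issue in issues:
        print("problem:", issue)
```
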
Related pages
For more ways of securing your service, see: