The CIDR allow list lets you restrict traffic to your Redis Cloud database. When you configure an allow list, only the IP addresses defined in the list can connect to the database. Traffic from all other IP addresses is blocked.

Database allow list

You can configure your database’s CIDR allow list to restrict client connections to a specific range of IP addresses.

Note:
To use the CDIR allow list, you must be on either paid Redis Cloud Essentials or on Redis Cloud Pro. This feature is not supported on free Redis Cloud Essentials plans.

Define CIDR allow list

To define the CIDR allow list for a database:

  1. Select Databases from the Redis Cloud console menu and then select your database from the list.

  2. From the database’s Configuration screen, select the Edit database button.

  3. In the Security section, turn on the CIDR allow list toggle.

  4. Enter the first IP address (in CIDR format) you want to allow in the text box and then select the check mark to add it to the allow list:

    Add the first IP address to the CIDR allow list.

  5. To allow additional IP addresses:

    1. Select Add CIDR.

    2. Enter the new IP address in the text box and then select check to add it to the allow list.

      Add a new IP address to the CIDR allow list.

  6. Select Save database to apply your changes.

Note:
The database CIDR allow list applies to both the public endpoint and the private endpoint. If you use connectivity options such as VPC Peering and Transit Gateway to connect to your database via the private endpoint, you must also add those IPs to your database’s CIDR allow list.

Subscription allow list

If you use a self-managed, external cloud account to host your Redis Cloud deployment, you can configure a subscription-wide allow list to restrict traffic to all databases associated with the subscription.

The subscription CIDR allow list defines a range of IP addresses and AWS security groups that control inbound and outbound traffic to the Redis Cloud VPC. When you add security groups to the allow list, you can also use the same security groups to manage access to your application.

Allow IP address or security group

To add IP addresses or AWS security groups to a subscription’s allow list:

  1. From the Redis Cloud console menu, select Subscriptions and then select your subscription from the list.

  2. Select Connectivity > Allow List.

  3. If the allow list is empty, select Add allow list.

  4. Select an entry Type from the list:

    Select the type of entry to add to the allow list from the Type list.

  5. In the Value box, enter one of these options:

    • An IP address in CIDR format

    • The AWS security group ID

  6. Select check to add the entry to the allow list.

  7. To allow additional IP addresses or security groups:

    1. Select Add entry.

    2. Select the new entry’s Type, enter the Value, and select check to add it to the allow list.

      Define the new entry and select the Submit entry button to add it to the allow list.

  8. Select Apply all changes to apply the allow list updates.