Navigation

mongocli atlas whitelist create

On this page

The whitelist create command creates a whitelist for the specified Atlas project. The whitelist can contain one or more trusted IP addresses, AWS security group IDs, or entries in Classless Inter-Domain Routing (CIDR) notation. You can create one whitelist per project.

Note

The command does not overwrite existing entries in the whitelist. Instead, it adds the new entries to the list of entries.

You can also create a whitelist using the Atlas UI or API.

Syntax

mongocli atlas whitelist create <whitelist-entry>
     --comment "<description-of-value>"
     --deleteAfter <date-of-deletion>
     [ --output|-o <output-format> ]
     [ --profile|-P <name-of-profile> ]
     --projectId <id-of-project>
     [ --type cidrBlock|ipAddress|awsSecurityGroup ]

Note

Use -h or --help to view the command-line help for this command.

Options

Option Type Description Required?
<whitelist-entry> string

Entry for the whitelist. Value can be:

  • An IP address
  • A CIDR block
  • An AWS security group ID
yes
--comment string Description of the whitelist entry. Use double quotes to enclose the description if there are one or more spaces in the description. no
--deleteAfter string

Date after which Atlas removes the whitelist entry. The specified date must be:

  • In ISO 8601 format in UTC.
  • Within one week in the future from when you run the command.
no
--output, -o string

Command output format. Valid values are:

  • json for output in JSON format
  • go-template for custom output using the Go template
  • go-template-file for custom output specified using Go template file

If omitted, the command returns output in the default format.

no
--profile, -P string Name of the profile to use for accessing the Atlas project. If omitted, uses the default profile. no
--projectId string Unique identifier of the project for which to create the whitelist. yes
--type string

Type of whitelist entry. Valid values are:

cidrBlock Whitelist entry in Classless Inter-Domain Routing (CIDR) notation. Mutually exclusive with awsSecurityGroup and ipAddress.
ipAddress IP address. You can connect to a cluster from only the trusted IP addresses in the whitelist. Mutually exclusive with awsSecurityGroup and ciderBlock.
awsSecurityGroup

ID of an AWS security group. Mutually exclusive with cidrBlock and ipAddress.

Note

You must configure VPC peering for your project before you can whitelist an AWS security group.

If omitted, defaults to ipAddress.

no

Output

The command prints the following fields in the specified format to the terminal if the command succeeds. If the command prints an error, see Troubleshooting for recommended solutions.

Field Description
groupId Unique identifier of the project.
cidrBlock Whitelist entry in Classless Inter-Domain Routing (CIDR) notation. Mutually exclusive with awsSecurityGroup and ipAddress.
ipAddress Whitelisted IP address. Mutually exclusive with awsSecurityGroup and ciderBlock.
deleteAfter Date in ISO 8601 format after which Atlas deletes the whitelist entry.
awsSecurityGroup Whitelisted ID of an AWS security group. Mutually exclusive with cidrBlock and ipAddress.
comment Description of the whitelist entry.

Examples

The following examples use the mongocli atlas whitelist create command to create a whitelist with an IP address, a whitelist entry in CIDR notation, and a whitelist entry with an AWS security group.

Example 1

The following sample command creates a whitelist entry for an IP address using the default profile.

mongocli atlas whitelist create 192.0.2.15 --type ipAddress --projectId 5e2211c17a3e5a48f5497de3 --comment "IP address for app server 2" --output json

The previous command prints the following fields to the terminal. To learn more about these fields, see Output.

[
  {
    "comment": "IP address for app server 2",
    "groupId": "5e2211c17a3e5a48f5497de3",
    "cidrBlock": "192.0.2.15/32",
    "ipAddress": "192.0.2.15"
  },
  {
    "comment": "IP address for app server 1",
    "groupId": "5e2211c17a3e5a48f5497de3",
    "cidrBlock": "10.201.30.114/32",
    "ipAddress": "10.201.30.114"
  }
]

Example 2

The following command creates a whitelist entry in CIDR notation using the default profile.

mongocli atlas whitelist create 73.231.201.205/24 --type cidrBlock --projectId 5e2211c17a3e5a48f5497de3 --output json --comment "CIDR block for servers C - F"

The previous command prints the following fields to the terminal. To learn more about these fields, see Output.

[
  {
    "comment": "CIDR block for servers C - F",
    "groupId": "5e2211c17a3e5a48f5497de3",
    "cidrBlock": "73.231.201.205/24",
    "ipAddress": "73.231.201.205"
  },
  {
    "comment": "IP address for app server 2",
    "groupId": "5e2211c17a3e5a48f5497de3",
    "cidrBlock": "192.0.2.15/32",
    "ipAddress": "192.0.2.15"
  },
  {
    "comment": "IP address for app server 1",
    "groupId": "5e2211c17a3e5a48f5497de3",
    "cidrBlock": "10.201.30.114/32",
    "ipAddress": "10.201.30.114"
  }
]

Example 3

The following command creates a whitelist entry for an AWS security group using the default profile.

mongocli atlas whitelist create sg-903004f8 --type awsSecurityGroup
--projectId 5e2211c17a3e5a48f5497de3 --output json --comment "AWS Security Group"

The previous command prints the following fields to the terminal. To learn more about these fields, see Output.

[
  {
    "comment": "AWS Securty Group",
    "groupId": "5e2211c17a3e5a48f5497de3",
    "awsSecurityGroup": "sg-903004f8"
  },
  {
    "comment": "CIDR block for servers C - F",
    "groupId": "5e2211c17a3e5a48f5497de3",
    "cidrBlock": "73.231.201.205/24",
    "ipAddress": "73.231.201.205"
  },
  {
    "comment": "IP address for app server 2",
    "groupId": "5e2211c17a3e5a48f5497de3",
    "cidrBlock": "192.0.2.15/32",
    "ipAddress": "192.0.2.15"
  },
  {
    "comment": "IP address for app server 1",
    "groupId": "5e2211c17a3e5a48f5497de3",
    "cidrBlock": "10.201.30.114/32",
    "ipAddress": "10.201.30.114"
  }
]