diff --git a/content/embeds/rc-vpc-peering-cidr-list.md b/content/embeds/rc-vpc-peering-cidr-list.md new file mode 100644 index 00000000000..3b17457345e --- /dev/null +++ b/content/embeds/rc-vpc-peering-cidr-list.md @@ -0,0 +1 @@ +If you've enabled the database's [CIDR allow list]({{< relref "/rc/security/cidr-whitelist" >}}), you must also [add the VPC peered IP addresses to the CIDR allow list]({{< relref "/rc/security/cidr-whitelist#define-cidr-allow-list" >}}) to connect to the database via the private endpoint. \ No newline at end of file diff --git a/content/rc/security/aws-transit-gateway.md b/content/rc/security/aws-transit-gateway.md index 03c8a124eb5..01af44bae01 100644 --- a/content/rc/security/aws-transit-gateway.md +++ b/content/rc/security/aws-transit-gateway.md @@ -156,4 +156,8 @@ To finish Transit gateway setup, [update your route tables for the peering conne After Transit gateway is established, we recommend switching your application connection string to the private endpoint. +{{< note >}} +If you've enabled the database's [CIDR allow list]({{< relref "/rc/security/cidr-whitelist" >}}), you must also [add the Transit Gateway's IP address to the CIDR allow list]({{< relref "/rc/security/cidr-whitelist#define-cidr-allow-list" >}}) to connect to the database via the private endpoint. +{{< /note >}} + diff --git a/content/rc/security/cidr-whitelist.md b/content/rc/security/cidr-whitelist.md index 5a782ebb12d..e53f704c3a8 100644 --- a/content/rc/security/cidr-whitelist.md +++ b/content/rc/security/cidr-whitelist.md 
@@ -14,21 +14,19 @@ The [CIDR](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) [allow You can configure your database's CIDR allow list to restrict client connections to a specific range of IP addresses. - {{< note >}} To use the CDIR allow list, you must be on either Redis Cloud Fixed, Flexible, or Annual plans. This feature is not supported on Redis Cloud Free. {{< /note >}} - ### Define CIDR allow list To define the CIDR allow list for a database: 1. Select **Databases** from the [Redis Cloud console](https://app.redislabs.com/) menu and then select your database from the list. -1. From the database's **Configuration** screen, select the **Edit database** button: +1. From the database's **Configuration** screen, select the **Edit database** button. -1. In the **Security** section, turn on the **CIDR allow list** toggle: +1. In the **Security** section, turn on the **CIDR allow list** toggle. 1. Enter the first IP address (in CIDR format) you want to allow in the text box and then select the check mark to add it to the allow list: @@ -44,6 +42,10 @@ To define the CIDR allow list for a database: 1. Select **Save database** to apply your changes. +{{< note >}} +The database CIDR allow list applies to both the public endpoint and the private endpoint. If you use connectivity options such as [VPC Peering]({{< relref "/rc/security/vpc-peering" >}}) and [Transit Gateway]({{}}) to connect to your database via the private endpoint, you must also add those IPs to your database's CIDR allow list. +{{< /note >}} + ## Subscription allow list If you use a [self-managed, external cloud account]({{}}) to host your Redis Cloud deployment, you can configure a subscription-wide allow list diff --git a/content/rc/security/vpc-peering.md b/content/rc/security/vpc-peering.md index 32f99ef0184..81644a965fd 100644 --- a/content/rc/security/vpc-peering.md +++ b/content/rc/security/vpc-peering.md 
@@ -87,6 +87,10 @@ To finish VPC peering setup, [update your route tables for the peering connectio Once VPC peering is established, we recommend switching your application connection string to the private endpoint. +{{< note >}} +{{< embed-md "rc-vpc-peering-cidr-list.md" >}} +{{< /note >}} + ## Google Cloud VPC peering {#gcp-vpc-peering} If you want to peer a Redis Cloud VPC with a Google Cloud VPC, you need to: @@ -126,3 +130,7 @@ To set up VPC peering: To approve the VPC peering request between Redis Cloud and Google Cloud, use the [`gcloud` CLI](https://cloud.google.com/sdk/gcloud) to run the **Google cloud command** that you copied before you initiated VPC peering. Once VPC peering is established, we recommend switching your application connection string to the private endpoint. + +{{< note >}} +{{< embed-md "rc-vpc-peering-cidr-list.md" >}} +{{< /note >}}
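Review bot: in the first hunk (new file `content/embeds/rc-vpc-peering-cidr-list.md`), "add the VPC peered IP addresses to the CIDR allow list" does not tell the reader what to enter. VPC peering does not translate addresses, so the database sees the client's own address; say which block to allow, e.g. "add the CIDR range(s) of the peered VPC that your clients connect from to the CIDR allow list". The file is also committed without a trailing newline (`\ No newline at end of file`); add one so later edits to the embed do not produce a noisy diff.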
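Review bot: in the `content/rc/security/aws-transit-gateway.md` hunk, "add the Transit Gateway's IP address to the CIDR allow list" names the wrong address. A Transit Gateway routes traffic without NAT, so the source addresses the database sees are those of the clients in the attached VPCs, not an address belonging to the gateway; the VPC peering note added in the same patch says "VPC peered IP addresses", and the two should agree. Suggest: "you must also add the CIDR ranges of the VPCs attached to the Transit Gateway to the CIDR allow list". Apart from that phrase the note duplicates the new `rc-vpc-peering-cidr-list.md` embed, so either reuse the embed with a parameter or keep the two texts in step. The hunk also adds a blank line at end of file (`+` after the closing `{{< /note >}}`) that is not needed.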
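Review bot: in the first `content/rc/security/cidr-whitelist.md` hunk (`@@ -14,21 +14,19 @@`), the context line between the two removed blank lines still reads "To use the CDIR allow list" ("CDIR" for "CIDR"). Since the hunk already edits the lines around that note, fix the typo here rather than in a follow-up.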
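Review bot: in the second `content/rc/security/cidr-whitelist.md` hunk (`@@ -44,6 +42,10 @@`), the Transit Gateway link in the new note has an empty target, `[Transit Gateway]({{}})`, while the sibling link uses `{{< relref "/rc/security/vpc-peering" >}}`; it should point at `/rc/security/aws-transit-gateway`, the page edited earlier in this patch. The unchanged "self-managed, external cloud account" line shows the same empty `{{}}`, so confirm whether this is how the review view renders relrefs before changing it. "you must also add those IPs" is also vague: spell out "the CIDR ranges of the peered VPC, or of the VPCs attached to the Transit Gateway", so this note says the same thing as the notes on the two connectivity pages.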