Add Entries to Project IP Access List
Adds one or more access list entries to the specified project. MongoDB Cloud only allows client connections to the cluster from entries in the project's IP access list. Write each entry as either one IP address or one CIDR-notated block of IP addresses. To use this resource, the requesting Service Account or API Key must have the Project Owner or Project Charts Admin roles. This resource replaces the whitelist resource. MongoDB Cloud removed whitelists in July 2021. Update your applications to use this new resource. The /groups/{GROUP-ID}/accessList
endpoint manages the database IP access list. This endpoint is distinct from the orgs/{ORG-ID}/apiKeys/{API-KEY-ID}/accesslist
endpoint, which manages the access list for MongoDB Cloud organizations. This endpoint doesn't support concurrent POST
requests. You must submit multiple POST
requests synchronously.
Path parameters
-
Unique 24-hexadecimal digit string that identifies your project. Use the /groups endpoint to retrieve all projects to which the authenticated user has access.
NOTE: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.
Format should match the following pattern:
^([a-f0-9]{24})$
.
Query parameters
-
Flag that indicates whether Application wraps the response in an
envelope
JSON object. Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. Endpoints that return a list of results use the results object as an envelope. Application adds the status parameter to the response body.Default value is
false
. -
Flag that indicates whether the response returns the total number of items (totalCount) in the response.
Default value is
true
. -
Number of items that the response returns per page.
Minimum value is
1
, maximum value is500
. Default value is100
. -
Number of the page that displays the current set of the total objects that the response returns.
Minimum value is
1
. Default value is1
. -
Flag that indicates whether the response body should be in the prettyprint format.
Default value is
false
.Prettyprint
Body
Required
One or more access list entries to add to the specified project.
-
Unique string of the Amazon Web Services (AWS) security group that you want to add to the project's IP access list. Your IP access list entry can be one awsSecurityGroup, one cidrBlock, or one ipAddress. You must configure Virtual Private Connection (VPC) peering for your project before you can add an AWS security group to an IP access list. You cannot set AWS security groups as temporary access list entries. Don't set this parameter if you set cidrBlock or ipAddress.
Format should match the following pattern:
^([0-9]*/)?sg-([0-9]*)
. -
Range of IP addresses in Classless Inter-Domain Routing (CIDR) notation that you want to add to the project's IP access list. Your IP access list entry can be one awsSecurityGroup, one cidrBlock, or one ipAddress. Don't set this parameter if you set awsSecurityGroup or ipAddress.
Format should match the following pattern:
^([0-9]{1,3}\.){3}[0-9]{1,3}(%2[fF][0-9]{1,3})?|([0-9a-f]{1,4}\:){7}[0-9a-f]{1,4}(%2[fF][0-9]{1,3})?|([0-9a-f]{1,4}\:){1,6}\:(%2[fF][0-9]{1,3})?$
. -
Remark that explains the purpose or scope of this IP access list entry.
Maximum length is
80
. -
Date and time after which MongoDB Cloud deletes the temporary access list entry. This parameter expresses its value in the ISO 8601 timestamp format in UTC and can include the time zone designation. The date must be later than the current date but no later than one week after you submit this request. The resource returns this parameter if you specified an expiration date when creating this IP access list entry.
-
IP address that you want to add to the project's IP access list. Your IP access list entry can be one awsSecurityGroup, one cidrBlock, or one ipAddress. Don't set this parameter if you set awsSecurityGroup or cidrBlock.
Format should match the following pattern:
^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)(\.(?!$)|$)){4}|([0-9a-f]{1,4}:){7}[0-9a-f]{1,4}$
.
atlas api createProjectIpAccessList --help
import (
"os"
"context"
"log"
sdk "go.mongodb.org/atlas-sdk/v20250312001/admin"
)
func main() {
ctx := context.Background()
clientID := os.Getenv("MONGODB_ATLAS_CLIENT_ID")
clientSecret := os.Getenv("MONGODB_ATLAS_CLIENT_SECRET")
client, err := sdk.NewClient(
sdk.UseOAuthAuth(clientID, clientSecret),
sdk.UseBaseURL(url))
if err != nil {
log.Fatalf("Error: %v", err)
}
params = &sdk.CreateProjectIpAccessListApiParams{}
sdkResp, httpResp, err := client.ProjectIPAccessListApi.
CreateProjectIpAccessListWithParams(ctx, params).
Execute()
}
curl --header "Authorization: Bearer ${ACCESS_TOKEN}" \
--header "Accept: application/vnd.atlas.2025-03-12+json" \
--header "Content-Type: application/json" \
-X POST "https://cloud.mongodb.com/api/atlas/v2/groups/{groupId}/accessList" \
-d '{ <Payload> }'
curl --user "${PUBLIC_KEY}:${PRIVATE_KEY}" \
--digest \
--header "Accept: application/vnd.atlas.2025-03-12+json" \
--header "Content-Type: application/json" \
-X POST "https://cloud.mongodb.com/api/atlas/v2/groups/{groupId}/accessList" \
-d '{ <Payload> }'
[
{
"awsSecurityGroup": "string",
"cidrBlock": "string",
"comment": "string",
"deleteAfterDate": "2025-05-04T09:42:00Z",
"ipAddress": "string"
}
]
{
"links": [
{
"href": "https://cloud.mongodb.com/api/atlas",
"rel": "self"
}
],
"results": [
{
"awsSecurityGroup": "string",
"cidrBlock": "string",
"comment": "string",
"deleteAfterDate": "2025-05-04T09:42:00Z",
"groupId": "32b6e34b3d91647abb20e7b8",
"ipAddress": "string",
"links": [
{
"href": "https://cloud.mongodb.com/api/atlas",
"rel": "self"
}
]
}
],
"totalCount": 42
}
{
"error": 400,
"detail": "(This is just an example, the exception may not be related to this endpoint) No provider AWS exists.",
"reason": "Bad Request",
"errorCode": "VALIDATION_ERROR"
}
{
"error": 401,
"detail": "(This is just an example, the exception may not be related to this endpoint)",
"reason": "Unauthorized",
"errorCode": "NOT_ORG_GROUP_CREATOR"
}
{
"error": 403,
"detail": "(This is just an example, the exception may not be related to this endpoint)",
"reason": "Forbidden",
"errorCode": "CANNOT_CHANGE_GROUP_NAME"
}
{
"error": 404,
"detail": "(This is just an example, the exception may not be related to this endpoint) Cannot find resource AWS",
"reason": "Not Found",
"errorCode": "RESOURCE_NOT_FOUND"
}
{
"error": 500,
"detail": "(This is just an example, the exception may not be related to this endpoint)",
"reason": "Internal Server Error",
"errorCode": "UNEXPECTED_ERROR"
}