Restrict network access to services

By default, Aiven services are publicly accessible, but you can restrict access to your service to a single IP, an address block, or any combination of both.

important

IP filters apply to inbound traffic coming from specified IP addresses / network ranges to Aiven service ports.

tip

To access a non-publicly-accessible service from another service, use a service integration.

Restrict access

1. Log in to Aiven Console.

2. On the Services page, select the service to restrict.

3. On the Overview page of your service, select Service settings from the sidebar.

4. On the Service settings page, in the Cloud and network section, click Actions > Set public IP filters.

5. In the Allowed inbound IP addresses window, enter your address or address block using the CIDR notation, and select the + icon to add it to the list of the trusted IP addresses.

   note

   You can add multiple addresses or address blocks or combination of both at once.

6. Select Close.

Now your service can be accessed from the specified IP addresses only.

Alternative method

You can also use the dedicated service update function to create or update the IP filter for your service via the Aiven CLI.

Related pages

For more ways of securing your service, see:

• Networking with VPC peering
• Configure VPC peering.