Table: mongodbatlas_project_ip_access_list - Query MongoDB Atlas Project IP Access Lists using SQL
A MongoDB Atlas Project IP Access List is a security feature that allows you to control which IP addresses or CIDR blocks can access your MongoDB Atlas project resources. This feature is designed to help you protect your MongoDB Atlas databases by limiting access to only trusted IP addresses or CIDR blocks. By using this feature, you can significantly reduce the attack surface of your MongoDB Atlas databases.
Table Usage Guide
The mongodbatlas_project_ip_access_list table provides insights into Project IP Access Lists within MongoDB Atlas. As a database administrator or security analyst, explore details about these access lists through this table, including the allowed IP addresses or CIDR blocks, comments, and associated metadata. Utilize it to uncover information about access lists, such as those with specific IP addresses or CIDR blocks, and to ensure that only trusted sources have access to your MongoDB Atlas project resources.
Examples
Basic info
Explore which IP addresses have access to your MongoDB Atlas project. This can help in assessing the security and control of who can access your project.
select
  ip_address,
  cidr_block
from
  mongodbatlas_project_ip_access_list;
List all IP access lists which belong to a specific AWS security group
Identify the IP access lists linked to a certain AWS security group to gain insights into the security configurations of your MongoDB Atlas project. This could be particularly useful for reviewing access permissions and managing security measures.
select
  project_id,
  ip_address,
  cidr_block
from
  mongodbatlas_project_ip_access_list
where
  aws_security_group = 'sgr_mongodbatlas_sec_group';
List CIDR details
Gain insights into the details of the IP access list within a MongoDB Atlas project. This can be useful to understand the range of IP addresses that have been given access, which is crucial for maintaining network security and accessibility.
select
  project_id,
  cidr_block,
  host(cidr_block),
  broadcast(cidr_block),
  netmask(cidr_block),
  network(cidr_block)
from
  mongodbatlas_project_ip_access_list;
Error: SQLite does not support CIDR operations.
List IP access with public CIDR blocks
Identify the projects that have IP access from public CIDR blocks, excluding those from private ranges. This could be used to assess security measures and ensure that only intended networks have access.
select
  project_id,
  cidr_block
from
  mongodbatlas_project_ip_access_list
where
  not cidr_block <<= '10.0.0.0/8'
  and not cidr_block <<= '192.168.0.0/16'
  and not cidr_block <<= '172.16.0.0/12';
Error: SQLite does not support CIDR operations.
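Where the CIDR operators are unavailable, as in the SQLite error above, the same public-range check can be run client-side. This is an added example, not part of the Steampipe documentation: it assumes the rows were exported as CSV carrying the project_id and cidr_block columns from the schema, and the sample rows are constructed.

```python
import csv
import io
import ipaddress

# The three private ranges excluded by the query above (RFC 1918).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12")]

# Constructed sample rows. Column names come from the table schema; the CSV
# layout is an assumption about how the rows were exported.
SAMPLE_CSV = """project_id,ip_address,cidr_block,comment
proj-a,,10.20.0.0/16,vpc peering
proj-a,,0.0.0.0/0,temporary debug
proj-b,203.0.113.7,203.0.113.7/32,office egress
proj-b,,192.168.1.0/24,lab
proj-c,,172.32.0.0/16,just outside 172.16.0.0/12
proj-c,,not-a-cidr,bad row
"""

def is_private(net):
    """True if net lies entirely inside a private range (the SQL <<= test)."""
    return any(net.version == p.version and net.subnet_of(p)
               for p in PRIVATE_NETS)

def public_entries(csv_text):
    """Return (public, rejected): public is a list of
    (project_id, cidr, address_count) sorted widest first; rejected holds
    rows whose cidr_block could not be parsed, so they are not silently lost."""
    public, rejected = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        raw = (row.get("cidr_block") or "").strip()
        try:
            # strict=False accepts inet values that carry host bits.
            net = ipaddress.ip_network(raw, strict=False)
        except ValueError:
            rejected.append((row.get("project_id"), raw))
            continue
        if not is_private(net):
            public.append((row["project_id"], str(net), net.num_addresses))
    public.sort(key=lambda e: e[2], reverse=True)
    return public, rejected

if __name__ == "__main__":
    hits, bad = public_entries(SAMPLE_CSV)
    for project, cidr, size in hits:
        print(f"{project}\t{cidr}\t{size} addresses")
    for project, raw in bad:
        print(f"unparsed\t{project}\t{raw!r}")
```

Sorting by address count puts entries such as 0.0.0.0/0 at the top of the review list, and unparsed rows are reported instead of being treated as private.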
Schema for mongodbatlas_project_ip_access_list
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
aws_security_group | text | = | Unique identifier of AWS security group in this access list entry. |
cidr_block | inet | = | Range of IP addresses in CIDR notation in this access list entry. |
comment | text | | Comment associated with this access list entry. |
delete_after_date | timestamp with time zone | | Timestamp in ISO 8601 date and time format in UTC after which Atlas deletes the temporary access list entry. Atlas returns this field if you specified an expiration date when creating this access list entry. |
ip_address | inet | = | Entry using an IP address in this access list entry. |
organization_id | text | =, !=, ~~, ~~*, !~~, !~~* | Unique identifier for the organization. |
project_id | text | = | Unique identifier of the project to which this access list entry applies. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
title | text | | Title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- mongodbatlas
You can pass the configuration to the command with the --config argument:
steampipe_export_mongodbatlas --config '<your_config>' mongodbatlas_project_ip_access_list