From 5515c6d244ee3e68651b738e5bd00bd39f5b8002 Mon Sep 17 00:00:00 2001 From: Anastasiia Tovpeko <114177030+atovpeko@users.noreply.github.com> Date: Wed, 5 Feb 2025 12:10:55 +0200 Subject: [PATCH] Added the data mode part to IP allow list (#3797) --- use-timescale/security/ip-allow-list.md | 52 ++++++++++++++++++------- 1 file changed, 39 insertions(+), 13 deletions(-) diff --git a/use-timescale/security/ip-allow-list.md b/use-timescale/security/ip-allow-list.md index dce92a5b9d..869e2e2fa4 100644 --- a/use-timescale/security/ip-allow-list.md +++ b/use-timescale/security/ip-allow-list.md @@ -1,6 +1,6 @@ --- title: IP allow list -excerpt: Create a list of IP addresses that can access your services +excerpt: Create a list of IP addresses that can access your services and query the data in them product: cloud keywords: [ip allow list, security] tags: [ip allow list] 
@@ -10,47 +10,73 @@ tags: [ip allow list] You can restrict access to your $SERVICE_LONGs to trusted IP addresses only. This prevents unauthorized connections without the need for a [Virtual Private Cloud][vpc-peering]. Creating IP allow lists helps comply with security standards such as SOC 2 or HIPAA that require IP filtering. This is especially useful in regulated industries like finance, healthcare, and government. +For a more fine-grained control, you create separate IP allow lists for [the ops mode and the data mode][modes]. + +## Create and attach an IP allow list in the ops mode + +You create an IP allow list at the [project level][members], then attach your $SERVICE_SHORT to it. + You attach a $SERVICE_SHORT to either one $VPC, or one IP allow list. You cannot attach a $SERVICE_SHORT to a $VPC and an IP allow list at the same time. -## Create and attach an IP allow list - -You create an IP allow list at the [project level][members], then attach your $SERVICE_SHORT to it. - -1. In [$CONSOLE][console], select `Security` > `IP Allow List`, then click `Create IP Allow List`. +1. **In [$CONSOLE][console], select `Security` > `IP Allow List`, then click `Create IP Allow List`** ![Create IP allow list](https://assets.timescale.com/docs/images/create-ip-allow-list.png) -1. Enter your trusted IP addresses. +1. **Enter your trusted IP addresses** The number of IP addresses that you can include in one list depends on your [pricing plan][pricing-plans]. ![Add IP addresses to allow list](https://assets.timescale.com/docs/images/add-ip-addresses-to-allow-list.png) -1. Name your allow list and click `Create IP Allow List`. +1. **Name your allow list and click `Create IP Allow List`** Click `+ Create IP Allow List` to create another list. The number of IP allow lists you can create depends on your [pricing plan][pricing-plans]. -1. Select a $SERVICE_LONG, then click `Operations` > `Security` > `IP Allow List`. +1. 
**Select a $SERVICE_LONG, then click `Operations` > `Security` > `IP Allow List`** ![Attach IP allow list](https://assets.timescale.com/docs/images/attach-ip-allow-list.png) -1. Select the list in the drop-down and click `Apply`. +1. **Select the list in the drop-down and click `Apply`** + +1. **Type `Apply` in the confirmation popup** + + + +You have created and attached an IP allow list for the operations available in the ops mode. You can unattach or change the list attached to a $SERVICE_SHORT from the same tab. -1. Type `Apply` in the confirmation popup. +## Create an IP allow list in the data mode + +You create an IP allow list in the data mode settings. + + + +1. **In [$CONSOLE][console], toggle `Data`** + +1. **Click the project name in the upper left corner, then select `Settings`** + +1. **Scroll down and toggle `IP Allowlist`** + +1. **Add IP addresses** + + 1. Click `Add entry`. + 1. Enter an IP address or a range of IP addresses. + 1. Click `Add`. + 1. When all the IP addresses have been added, click `Apply`. + 1. Click `Confirm`. -You have created and attached an IP allow list. You can unattach or change the list attached to a service from the same tab. +You have successfully added an IP allow list for querying your $SERVICE_SHORT in the data mode. [console]: https://console.cloud.timescale.com/dashboard/ [pricing-plans]: /about/:currentVersion:/pricing-and-account-management/ [vpc-peering]: /use-timescale/:currentVersion:/security/vpc/ [members]: /use-timescale/:currentVersion:/members/ - +[modes]: /getting-started/:currentVersion:/services/
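Review bot: The new "Create an IP allow list in the data mode" section leaves the scope of the list unclear: the steps configure it under the project `Settings`, but the closing sentence says the list is "for querying your $SERVICE_SHORT", so a reader cannot tell whether it restricts the whole project or a single $SERVICE_SHORT. Please state the scope explicitly, since it determines what is actually protected. The sentence "You attach a $SERVICE_SHORT to either one $VPC, or one IP allow list" now sits under the ops mode heading, so also say whether that restriction applies in the data mode. The data mode steps do not say what format "a range of IP addresses" takes (for example, CIDR notation) and do not mention a pricing-plan limit on the number of entries, which the ops mode steps do. The toggle is labelled `IP Allowlist` while the rest of the page uses "IP allow list"; keep it only if that is the exact label in $CONSOLE. Minor wording: "For a more fine-grained control, you create" reads better as "For more fine-grained control, you can create".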