What IPs must I whitelist so my Glitch project can access my MongoDB database?


#1

Hello!

I’m using MongoDB Atlas (Free ‘Sandbox’ Plan) to store some basic account information.

I’m wanting to secure my database by using an IP whitelist.

The only problem is, Glitch uses a range of IPs.

I need to access it from my project (bloxious-api). (I will be adding this to the domain api.bloxious.tk) (Also, it’s set to private).

How can I do this without disabling IP whitelist.

Cheers, xXProGamerXx


#2

Hey @xXProGamerXx, unfortunately, we don’t have a good, simple answer for this question. The way our AWS fleet is set up our hosts are assigned IPs more or less randomly from the vast pool of Amazon IP ranges, and we have no control over which ones are assigned where. On top of that, every time a project host gets recycled it will get a new IP. We’re updating our fleet policies right now and I expect that workers will get recycled roughly weekly, so at some point in the future the longest your project will have the same IP address is 7 days.

One mitigating factor here is that Amazon published their IP address ranges, so you can actually get the IP address ranges that your project might have with this *sh console command (which you can run locally):

curl https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[] | select(.region=="us-east-1") | select(.service=="EC2") | .ip_prefix'

in other words, download the ip-ranges.json file from Amazon, filter it for IP ranges for EC2 in the us-east-1 region and list the ranges.

If you can whitelist that set of ranges you should be covered (until Amazon updates their regions or we start using other regions).

Barring that you can always

curl https://ifconfig.co/

in your project’s console to get its current IP address. I don’t know if MongoDB has an API for whitelisting, but that might be something someone could explore.

Happy Glitching!


Attain ip/ system information
#3

Thanks for the information! The only problem I ran into was your script. I tested it on Windows Command Prompt and that didn’t work. So I tested it in my Ubuntu VM and curl failed… Any help would be appreciated.

Cheers, xXProGamerXx


#4

If you look closely at the command you ran there it looks like there’s some sort of copy-pasta error in there - it looks like you have an extra .region=="u( in there.

You can also separate the curl from the jq, which might make it a little easier to troubleshoot. So more like

curl https://ip-ranges.amazonaws.com/ip-ranges.json
cat ip-ranges.json | jq...

Hope this helps!


#5

Ah! Thanks. I had to re-type it all out in my Ubuntu VM (rip). Also, you said copy-pasta instead of copy-pasting.