Skip to main content
Set the access allow rules for a database. Each flag replaces the corresponding list; a list whose flag is not provided is left unchanged. 
turso db config allow-rules set <database-name> [--ip <address-or-cidr>]... [--aws-vpc <vpce-id>]...
At least one of --ip or --aws-vpc must be provided. To remove restrictions use turso db config allow-rules clear.

Flags

FlagDescription
--ipIP address or CIDR block to allow. Repeatable. Replaces the current IP list.
--aws-vpcAWS VPC endpoint ID (vpce-...) to allow. Repeatable. Replaces the current VPC list.

Examples

Allow a single IP

turso db config allow-rules set my-db --ip 203.0.113.7

Allow a CIDR range

turso db config allow-rules set my-db --ip 10.0.0.0/8

Allow multiple IPs

turso db config allow-rules set my-db --ip 203.0.113.7 --ip 10.0.0.0/8

Restrict to an AWS VPC endpoint

turso db config allow-rules set my-db --aws-vpc vpce-0fe6c8807461bba49

Combine IP and VPC rules

When both lists are set, connections must satisfy both constraints. 
turso db config allow-rules set my-db \
  --ip 10.0.0.0/8 \
  --aws-vpc vpce-0fe6c8807461bba49