Advanced

ACL


The ACL tab of the Security Settings page provides the IP Address Ranges, CIDR Blocks, and VPC Endpoints settings for allowing user access only from specified IP address ranges, CIDR blocks, or VPC endpoints.

Only the administrator or an entrusted identity can configure the ACL to control access of all IAM users under the account from specific IP address ranges, CIDR blocks, or VPC endpoints.

Access type:

  • Console Access (recommended): The ACL takes effect only for IAM users who are created using your account and have access to the console.
  • API Access: The ACL controls users' API access through API Gateway and takes effect only for your account and IAM users under your account 15 minutes after you complete the configuration.

Note
  • You can configure a maximum of 200 access control items.

IP Address Ranges

You can specify an IP address range from 0.0.0.0 to 255.255.255.255 to control access to the cloud platform. The default setting is 0.0.0.0-255.255.255.255. If you do not specify a range or use the default range, your IAM users can access the cloud platform from any IP address.

CIDR Blocks

Specify CIDR blocks to control access to the cloud platform. For example, set CIDR Block to 10.10.10.10/32.

VPC Endpoints

Allow access to the cloud platform APIs only from the VPC endpoint with the specified ID, for example, 0ccad098-b8f4-495a-9b10-613e2a5exxxx. You can set the VPC endpoint only on the API Access tab. If access control is not configured, you can access APIs from all VPC endpoints by default.

Figure 1 VPC endpoints


Note
  • User access is allowed if the request matches any one of the IP Address Ranges, CIDR Blocks, or VPC Endpoints settings.
  • To restore IP Address Ranges to the default settings (0.0.0.0-255.255.255.255) and clear the settings in CIDR Blocks and VPC Endpoints, click Restore Defaults.
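
Because the three settings are combined with OR, leaving the default range 0.0.0.0-255.255.255.255 in place means any CIDR block or VPC endpoint entry restricts nothing. The following sketch is an added example, not code from the platform: it models that evaluation and audits a configuration for this mistake. The dictionary layout, the function names, the sample addresses, the treatment of an empty list as matching nothing, and counting the 200-item limit across all three lists are assumptions.

```python
import ipaddress

MAX_ITEMS = 200                                  # limit stated on the page
DEFAULT_RANGE = ("0.0.0.0", "255.255.255.255")   # default stated on the page

def is_allowed(acl, src_ip, vpc_endpoint_id=None):
    """Return True if the request matches ANY configured item (OR semantics)."""
    ip = ipaddress.IPv4Address(src_ip)
    for start, end in acl.get("ip_ranges", []):
        if ipaddress.IPv4Address(start) <= ip <= ipaddress.IPv4Address(end):
            return True
    for block in acl.get("cidr_blocks", []):
        if ip in ipaddress.ip_network(block, strict=False):
            return True
    # Assumption: an empty endpoint list matches no endpoint.
    return vpc_endpoint_id is not None and vpc_endpoint_id in acl.get("vpc_endpoints", [])

def audit(acl):
    """Return a list of findings for an ACL modelled as a dict (hypothetical layout)."""
    findings = []
    ranges = [tuple(r) for r in acl.get("ip_ranges", [])]
    cidrs = acl.get("cidr_blocks", [])
    endpoints = acl.get("vpc_endpoints", [])
    total = len(ranges) + len(cidrs) + len(endpoints)
    if total > MAX_ITEMS:  # assumption: the limit applies to the combined count
        findings.append(f"{total} items exceeds the {MAX_ITEMS}-item limit")
    if DEFAULT_RANGE in ranges:
        if cidrs or endpoints:
            findings.append("default range still present: CIDR/VPC entries restrict nothing")
        else:
            findings.append("ACL is at defaults: access allowed from any IP address")
    return findings

# Constructed sample configurations (documentation-range addresses).
ACL_WEAK = {
    "ip_ranges": [("0.0.0.0", "255.255.255.255")],
    "cidr_blocks": ["10.10.10.10/32"],
    "vpc_endpoints": [],
}
ACL_TIGHT = {
    "ip_ranges": [("192.0.2.10", "192.0.2.20")],
    "cidr_blocks": ["10.10.10.10/32"],
    "vpc_endpoints": ["0ccad098-b8f4-495a-9b10-613e2a5exxxx"],
}

if __name__ == "__main__":
    for name, acl in (("weak", ACL_WEAK), ("tight", ACL_TIGHT)):
        print(name, is_allowed(acl, "203.0.113.7"), audit(acl))
```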