vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/iam/umn/iam_07_0003.html
Wei, Hongmin 04bff7c7a8 IAM 2.6 UMN Version 
Reviewed-by: Kabai, Zoltán Gábor <zoltan-gabor.kabai@t-systems.com>
Co-authored-by: Wei, Hongmin <weihongmin1@huawei.com>
Co-committed-by: Wei, Hongmin <weihongmin1@huawei.com>
2023-08-03 03:29:44 +00:00

35 lines
6.4 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<a name="iam_07_0003"></a><a name="iam_07_0003"></a>
<h1 class="topictitle1">ACL</h1>
<div id="body0000001474132798"><p id="iam_07_0003__en-us_topic_0177717042_en-us_topic_0176803440_p65417254398">The <strong id="iam_07_0003__en-us_topic_0177717042_b18185105063414">ACL</strong> tab of the <a href="iam_07_0001.html#iam_07_0001__en-us_topic_0179264308_en-us_topic_0179263545_section113256158575">Security Settings</a> page provides the <a href="#iam_07_0003__en-us_topic_0177717042_en-us_topic_0176803440_section1659055844011">IP Address Ranges</a>, <a href="#iam_07_0003__en-us_topic_0177717042_en-us_topic_0176803440_section5282253478">IPv4 CIDR Blocks</a>, and <a href="#iam_07_0003__en-us_topic_0177717042_en-us_topic_0176803440_section148601027258">VPC Endpoints</a> settings for allowing user access only from specified IP address ranges, IPv4 CIDR blocks, or VPC endpoints.</p>
<p id="iam_07_0003__en-us_topic_0177717042_en-us_topic_0176803440_p20918481397">Only the <a href="iam_01_0023.html#iam_01_0023__section1475194083513">administrator</a> can configure the ACL. If an IAM user needs to configure the ACL, the user can request the administrator to perform the configuration or grant the required permissions.</p>
<div class="p" id="iam_07_0003__en-us_topic_0177717042_en-us_topic_0176803440_p846285314599"><strong id="iam_07_0003__en-us_topic_0177717042_b229335124613">Access type:</strong><ul id="iam_07_0003__en-us_topic_0177717042_en-us_topic_0176803440_ul1726218495594"><li id="iam_07_0003__en-us_topic_0177717042_en-us_topic_0176803440_li3744103710445"><strong id="iam_07_0003__en-us_topic_0177717042_b109881144151510">Console Access</strong> (recommended): The ACL takes effect only for IAM users who are created using your account and have access to the console. </li><li id="iam_07_0003__en-us_topic_0177717042_en-us_topic_0176803440_li1426274995910"><strong id="iam_07_0003__en-us_topic_0177717042_b1831433873118">API Access</strong>: The ACL controls users' API access through API Gateway and takes effect only for IAM users two hours after you complete the configuration.</li></ul>
</div>
<div class="note" id="iam_07_0003__en-us_topic_0177717042_en-us_topic_0176803440_note143415794617"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="iam_07_0003__en-us_topic_0177717042_ul166011785449"><li id="iam_07_0003__en-us_topic_0177717042_li46016884411">You can configure a maximum of 200 access control items.</li></ul>
</div></div>
<div class="section" id="iam_07_0003__en-us_topic_0177717042_en-us_topic_0176803440_section1659055844011"><a name="iam_07_0003__en-us_topic_0177717042_en-us_topic_0176803440_section1659055844011"></a><a name="en-us_topic_0177717042_en-us_topic_0176803440_section1659055844011"></a><h4 class="sectiontitle">IP Address Ranges</h4><div class="fignone" id="iam_07_0003__en-us_topic_0177717042_fig3405202415617"><span class="figcap"><b>Figure 1 </b>IP Address Ranges</span><br><span><img id="iam_07_0003__en-us_topic_0177717042_image07430224615" src="en-us_image_0000001209614103.png" width="465.5" height="80.171735" title="Click to enlarge" class="imgResize"></span></div>
<p id="iam_07_0003__en-us_topic_0177717042_en-us_topic_0176803440_p12441103013472">Specify IP address ranges from 0.0.0.0 to 255.255.255.255 to allow access to the cloud platform. The default value is <strong id="iam_07_0003__en-us_topic_0177717042_b1833514392120">0.0.0.0255.255.255.255</strong>. If this parameter is left blank or the default value is used, your IAM users can access the management console from anywhere.</p>
</div>
<div class="section" id="iam_07_0003__en-us_topic_0177717042_en-us_topic_0176803440_section5282253478"><a name="iam_07_0003__en-us_topic_0177717042_en-us_topic_0176803440_section5282253478"></a><a name="en-us_topic_0177717042_en-us_topic_0176803440_section5282253478"></a><h4 class="sectiontitle">IPv4 CIDR Blocks</h4><p id="iam_07_0003__en-us_topic_0177717042_en-us_topic_0176803440_p749844074110">Specify IPv4 CIDR blocks to allow access to the cloud platform. For example, set <strong id="iam_07_0003__en-us_topic_0177717042_b163421143349">IPv4 CIDR block</strong> to <strong id="iam_07_0003__en-us_topic_0177717042_b82561957166">10.10.10.10/32</strong>.</p>
</div>
<div class="section" id="iam_07_0003__en-us_topic_0177717042_en-us_topic_0176803440_section148601027258"><a name="iam_07_0003__en-us_topic_0177717042_en-us_topic_0176803440_section148601027258"></a><a name="en-us_topic_0177717042_en-us_topic_0176803440_section148601027258"></a><h4 class="sectiontitle">VPC Endpoints</h4><p id="iam_07_0003__en-us_topic_0177717042_en-us_topic_0176803440_p9434164992814">Specify VPC endpoints, such as <strong id="iam_07_0003__en-us_topic_0177717042_b761717442304">0ccad098-b8f4-495a-9b10-613e2a5exxxx</strong>, to allow API-based access to the cloud platform. If access control is not configured, you can access APIs from all VPC endpoints by default.</p>
<div class="note" id="iam_07_0003__en-us_topic_0177717042_en-us_topic_0176803440_note10743737134414"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="iam_07_0003__en-us_topic_0177717042_en-us_topic_0176803440_ul483364319516"><li id="iam_07_0003__en-us_topic_0177717042_en-us_topic_0176803440_li38337432516">User access is allowed if any of <strong id="iam_07_0003__en-us_topic_0177717042_b18525185393013">IP Address Ranges</strong>, <strong id="iam_07_0003__en-us_topic_0177717042_b1525155314303">IPv4 CIDR Blocks</strong>, and <strong id="iam_07_0003__en-us_topic_0177717042_b1452695311302">VPC Endpoints</strong> is met.</li><li id="iam_07_0003__en-us_topic_0177717042_en-us_topic_0176803440_li28336436511">To restore <strong id="iam_07_0003__en-us_topic_0177717042_b1289032612166">IP Address Ranges</strong> to the default settings (0.0.0.0255.255.255.255) and clear the settings in <strong id="iam_07_0003__en-us_topic_0177717042_b1789113268160">IPv4 CIDR Blocks</strong> and <strong id="iam_07_0003__en-us_topic_0177717042_b10891102619164">VPC Endpoints</strong>, click <strong id="iam_07_0003__en-us_topic_0177717042_b3891726161613">Restore Defaults</strong>.</li></ul>
</div></div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="en-us_topic_0046611308.html">Security Settings</a></div>
</div>
</div>
<script language="JavaScript">
<!--
image_size('.imgResize');
var msg_imageMax = "view original image";
var msg_imageClose = "close";
//--></script>
View Git Blame Copy Permalink