yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
8af0f653c62826e99afeb45bbd2fb0ad702f0fce
doc-exports/docs/iam/umn/iam_07_0003.html
weihongmin1 8af0f653c6 IAM UMN 25.9.0 Version 
Reviewed-by: Rogal, Marcel <mrogal@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-authored-by: weihongmin1 <weihongmin1@huawei.com>
Co-committed-by: weihongmin1 <weihongmin1@huawei.com>
2026-03-12 13:14:16 +00:00

7.2 KiB
Raw Blame History

ACL

The ACL tab of the Security Settings page provides the IP Address Ranges, CIDR Blocks, and VPC Endpoints settings for allowing user access only from specified IP address ranges, CIDR blocks, or VPC endpoints.

Only the administrator or an entrusted identity can configure the ACL to control access of all IAM users under the account from specific IP address ranges, CIDR blocks, or VPC endpoints.

Access type:
  • Console Access (recommended): The ACL takes effect only for IAM users who are created using your account and have access to the console.
  • API Access: The ACL controls users' API access through API Gateway and takes effect only for your account and IAM users under your account 15 minutes after you complete the configuration.
  • You can configure a maximum of 200 access control items.
  • Both IPv4 and IPv6 addresses can be used for console access, and only IPv4 addresses can be used for API access.

IP Address Ranges

You can specify the IP address range to control access to the cloud platform. The IPv4 address range is from 0.0.0.0 to 255.255.255.255 and the default setting is 0.0.0.0-255.255.255.255. The IPv6 address range is from 0:0:0:0:0:0:0:0 to FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF and the default setting is 0:0:0:0:0:0:0:0-FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF. If you do not specify a range or use the default range, your IAM users can access the cloud platform from any IP addresses. To disable IPv6 access, set the IP address to all zeros, for example, 0:0:0:0:0:0:0:0-0:0:0:0:0:0:0:0.

The IP address of the current user must be in the allowed IP address range. Otherwise, the setting will fail.

CIDR Blocks

Specify CIDR blocks to control access to the cloud platform. For example, set CIDR Block to 10.10.10.10/32.

VPC Endpoints

Specify access to the cloud platform APIs only from the VPC Endpoint with the specified ID, for example, 0ccad098-b8f4-495a-9b10-613e2a5exxxx. You can set the VPC endpoint only on the API Access tab. If access control is not configured, you can access APIs from all VPC endpoints by default.

Figure 1 VPC endpoints
  • User access is allowed if any of IP Address Ranges, CIDR Blocks, and VPC Endpoints is met.
  • To restore IP Address Ranges to the default settings (0.0.0.0-255.255.255.255) and clear the settings in CIDR Blocks and VPC Endpoints, click Restore Defaults.
Parent topic: Security Settings
<script language="JavaScript"> </script>