ACL

The ACL tab of the Security Settings page provides the IP Address Ranges, IPv4 CIDR Blocks, and VPC Endpoints settings for allowing user access only from specified IP address ranges, IPv4 CIDR blocks, or VPC endpoints.

Only the administrator can configure the ACL to control access of all IAM users under the account from specific IP address ranges, CIDR blocks, or VPC endpoints. If an IAM user needs to configure the ACL, the user can request the administrator to perform the configuration or grant the required permissions.

• You can configure a maximum of 200 access control items.
• If an IAM user or a federated user accesses Huawei Cloud through a proxy server, set the allowed IP addresses, address ranges or CIDR blocks based on the proxy IP address. If an IAM user or a federated user accesses Huawei Cloud through a public network, set based on the public IP address.
• Only IPv4 addresses are supported.

IP Address Ranges

Figure 1 IP address ranges

Specify IP address ranges from 0.0.0.0 to 255.255.255.255 to allow access to Huawei Cloud. The default value is 0.0.0.0–255.255.255.255. If this parameter is left blank or the default value is used, your IAM users can access the Huawei Cloud console from anywhere.

VPC Endpoints

Specify access to Huawei Cloud APIs only from the VPC Endpoint with the specified ID, for example, 0ccad098-b8f4-495a-9b10-613e2a5exxxx. You can set the VPC endpoint only on the API Access tab. If access control is not configured, you can access APIs from all VPC endpoints by default.

Figure 2 VPC endpoints

• User access is allowed if any of IP Address Ranges, IPv4 CIDR Blocks, and VPC Endpoints is met.
• To restore IP Address Ranges to the default settings (0.0.0.0–255.255.255.255) and clear the settings in IPv4 CIDR Blocks and VPC Endpoints, click Restore Defaults.