ACL
The ACL tab of the Security Settings page provides the IP Address Ranges, CIDR Blocks, and VPC Endpoints settings for allowing user access only from specified IP address ranges, CIDR blocks, or VPC endpoints.
Only the administrator can configure the ACL to control access of all IAM users under the account from specific IP address ranges, CIDR blocks, or VPC endpoints.
- Console Access (recommended): The ACL takes effect only for IAM users and federated users (SP-initiated)who are created using your account and have access to the console.
- API Access: The ACL controls users' API access through API Gateway and takes effect only for IAM users and federated users two hours after you complete the configuration.
- You can configure a maximum of 200 access control items.
- If an IAM user or a federated user accesses Huawei Cloud through a proxy server, set the allowed IP addresses, address ranges or CIDR blocks based on the proxy IP address. If an IAM user or a federated user accesses Huawei Cloud through a public network, set based on the public IP address.
- Both IPv4 and IPv6 addresses can be used for console access, and only IPv4 addresses can be used for API access.
IP Address Ranges
You can specify the IP address range to control access to Huawei Cloud. The IPv4 address range is from 0.0.0.0 to 255.255.255.255 and the default setting is 0.0.0.0-255.255.255.255. The IPv6 address range is from 0:0:0:0:0:0:0:0 to FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF and the default setting is 0:0:0:0:0:0:0:0-FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF. If you do not specify a value range or use the default value range, IAM users can access Huawei Cloud from any IP addresses. To disable IPv6 access, set this the IP address to all zeros, for example, 0:0:0:0:0:0:0:0-0:0:0:0:0:0:0:0.
CIDR Blocks
Specify CIDR blocks to control access to Huawei Cloud. For example, set CIDR Block to 10.10.10.10/32.
VPC Endpoints
Specify access to Huawei Cloud APIs only from the VPC Endpoint with the specified ID, for example, 0ccad098-b8f4-495a-9b10-613e2a5exxxx. You can set the VPC endpoint only on the API Access tab. If access control is not configured, you can access APIs from all VPC endpoints by default.
- User access is allowed if any of IP Address Ranges, CIDR Blocks, and VPC Endpoints is met.
- To restore IP Address Ranges to the default settings (0.0.0.0-255.255.255.255) and clear the settings in CIDR Blocks and VPC Endpoints, click Restore Defaults.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
