The ACL tab of the Security Settings page provides the IP Address Ranges, IPv4 CIDR Blocks, and VPC Endpoints settings for allowing user access only from specified IP address ranges, IPv4 CIDR blocks, or VPC endpoints.
Only the administrator can configure the ACL. If an IAM user needs to configure the ACL, the user can request the administrator to perform the configuration or grant the required permissions.
- Console Access (recommended): The ACL takes effect only for IAM users and federated users who are created using your account and have access to the console.
- API Access: The ACL controls users' API access through API Gateway and takes effect only for IAM users and federated users two hours after you complete the configuration.
- You can configure a maximum of 200 access control items.
- If an IAM user or a federated user accesses Huawei Cloud through a proxy server, set the allowed IP addresses, address ranges or CIDR blocks based on the proxy IP address. If an IAM user or a federated user accesses Huawei Cloud through a public network, set based on the public IP address.
IP Address Ranges
Specify IP address ranges from 0.0.0.0 to 255.255.255.255 to allow access to Huawei Cloud. The default value is 0.0.0.0–255.255.255.255. If this parameter is left blank or the default value is used, your IAM users can access the Huawei Cloud console from anywhere.
IPv4 CIDR Blocks
Specify IPv4 CIDR blocks to allow access to Huawei Cloud. For example, set IPv4 CIDR block to 10.10.10.10/32.
Specify VPC endpoints, such as 0ccad098-b8f4-495a-9b10-613e2a5exxxx, to allow API-based access to Huawei Cloud. If access control is not configured, you can access APIs from all VPC endpoints by default.
- User access is allowed if any of IP Address Ranges, IPv4 CIDR Blocks, and VPC Endpoints is met.
- To restore IP Address Ranges to the default settings (0.0.0.0–255.255.255.255) and clear the settings in IPv4 CIDR Blocks and VPC Endpoints, click Restore Defaults.