Updated on 2023-12-20 GMT+08:00

Access Control

Access control policies are a type of security measures provided by APIG. You can use them to allow or deny API access from specific IP addresses, account names, or account IDs.

Access control policies take effect for an API only if they have been bound to the API.

Usage Guidelines

  • An API can be bound only with one access control policy of the same restriction type in an environment, but each access control policy can be bound to multiple APIs.

Configuration Parameters

Table 1 Parameter description

Parameter

Description

Name

Access control policy name.

Type

Type of the source from which API calls are to be controlled.

  • IP address: Control API access by IP address.
  • Account name: Control IAM authentication–based API access by account name, not IAM user name.

Effect

Options: Allow and Deny.

Use this parameter along with Type to control access from certain IP addresses, account names, or account IDs to an API.

IP Address

Required only when Type is set to IP address.

IP addresses and IP address ranges that are allowed or not allowed to access an API.

NOTE:

You can set a maximum of 100 IP addresses respectively to allow or deny access.

Account Name

Required only when Type is set to Account name.

Enter the account names that are allowed or forbidden to access an API. Use commas (,) to separate multiple account names.

Click the username in the upper right corner of the console and choose My Credentials to obtain the account name.