Cloud Access Management
- Product Introduction
- Getting Started
- User Guide
- Users
- Sub-Users
- Sub-User Security Credentials
- Collaborators
- Collaborator Security Credentials
- Message Recipients
- User Settings
- User Groups
- Role
- Identity Provider
- User-Based SSO
- Role-Based SSO
- Policies
- Definition
- Authorization Guide
- Syntax Logic
- Element Reference
- CAM-Enabled Role
- Container
- Microservice
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Data Security
- Application Security
- Domains & Websites
- Big Data
- Middleware
- Interactive Video Services
- Media On-Demand
- Cloud Real-time Rendering
- Game Services
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- CAM-Enabled API
- Compute
- Edge Computing
- Distributed cloud
- Microservice
- Serverless
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- Database SaaS Tool
- CDN and Acceleration
- Network Security
- Endpoint Security
- Business Security
- Application Security
- Domains & Websites
- Big Data
- Voice Technology
- Image Creation
- AI Platform Service
- Natural Language Processing
- Optical Character Recognition
- Interactive Video Services
- Stream Services
- Media On-Demand
- Media Process Services
- Cloud Real-time Rendering
- Game Services
- Education Sevices
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- Practical Tutorial
- Supporting Isolated Resource Access for Employees
- Enterprise Multi-Account Permissions Management
- Implementing Attribute-Based Access Control for Employee Resource Permissions Management
- Business Use Cases
- TencentDB for MySQL
- CLB
- CMQ
- COS
- CVM
- VPC
- API Documentation
- User APIs
- Role APIs
- Making API Requests
- Identity Provider APIs
- Policy APIs
IP Access Restrictions
Last updated: 2024-01-23 17:54:33
Introduction
This document describes how to use custom policy to restrict sub-accounts’ access IPs. After setting the policy, the set IPs will control the sub-accounts’ access to the root account resources.
Prerequisites
Directions
1. Go to the Policies management page and click New Custom Policy in the upper left corner.
2. In the selection window that pops up, click Create by Policy Generator.
3. In the Service and Action selection page, enter the following information:
Effect: Required. Select “Allow”. If you choose “Deny”, users or groups will not be able to obtain authorization.
Service: Required. Select the product you want to add.
Action: Required. Select product permissions according to your requirements.
Resources: Required. For more information on what to enter, see Resource Description Method.
Conditions: Enter the IP address according to your needs. You can add multiple restrictions. For example, for effect, select Allow to only permit users or groups from this IP address to obtain authorization.
Use Case
In the following example, the user must be in the 10.217.182.3/24 or 111.21.33.72/24 IP ranges to invoke the cos:PutObject Cloud API call. This is shown in the following figure:
The policy syntax is as follows:
{"version": "2.0","statement": [{"effect": "allow","action": "cos:PutObject","resource": "*","condition": {"ip_equal": {"qcs:ip": ["10.217.182.3/24","111.21.33.72/24"]}}}]}
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No