tencent cloud

Feedback

IP Access Restrictions

Last updated: 2024-01-23 17:54:33

    Introduction

    This document describes how to use custom policy to restrict sub-accounts’ access IPs. After setting the policy, the set IPs will control the sub-accounts’ access to the root account resources.

    Prerequisites

    The product must support limiting access via IP. For more information, see FAQs.

    Directions

    1. Go to the Policies management page and click New Custom Policy in the upper left corner.
    2. In the selection window that pops up, click Create by Policy Generator.
    3. In the Service and Action selection page, enter the following information:
    Effect: Required. Select “Allow”. If you choose “Deny”, users or groups will not be able to obtain authorization.
    Service: Required. Select the product you want to add.
    Action: Required. Select product permissions according to your requirements.
    Resources: Required. For more information on what to enter, see Resource Description Method.
    Conditions: Enter the IP address according to your needs. You can add multiple restrictions. For example, for effect, select Allow to only permit users or groups from this IP address to obtain authorization.

    Use Case

    In the following example, the user must be in the 10.217.182.3/24 or 111.21.33.72/24 IP ranges to invoke the cos:PutObject Cloud API call. This is shown in the following figure:
    
    The policy syntax is as follows:
    {
    "version": "2.0",
    "statement": [
    {
    "effect": "allow",
    "action": "cos:PutObject",
    "resource": "*",
    "condition": {
    "ip_equal": {
    "qcs:ip": [
    "10.217.182.3/24",
    "111.21.33.72/24"
    ]
    }
    }
    }
    ]
    }
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support