
Use IAM to limit the IP addresses that are allowed to access Kingsoft Cloud resources

Last updated: 2021-10-29 17:57:30

This topic describes how to use IAM to limit the IP addresses that are allowed to access Kingsoft Cloud resources. This enhances access security.

Background

Enterprise A has purchased multiple types of Kingsoft Cloud resources. To ensure business and data security, the enterprise requires users to access Kingsoft Cloud resources only from the IP addresses of the private network of the enterprise.

Solution

To authorize an IAM user to access Kingsoft Cloud resources only from specific IP addresses, you can create a custom policy and attach the policy to the IAM user.

Step 1: Create a custom policy

  1. Log in to the IAM console.
  2. In the left navigation pane, choose Permissions > Policies. The Policies page appears.
  3. Click the Custom Policies tab.
  4. Click Create Policy. On the Create Policy page, set the Policy and Remarks parameters in the Set Policy Information section.
  5. In the Select Policy Type section, select Policy grammar and select a policy template. Click Next and edit the policy.
Sample policy:
{
    "Version": "2015-11-01",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "kec:*",
            "Resource": "*",
            "Condition": {
                "IpAddress": {
                    "ksc:SourceIp": [
                        "192.168.0.0/16"
                    ]
                }
            }
        }
    ]
}
  6. Click Create strategy.
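
Before attaching a policy like the sample above, it helps to confirm that every Allow statement really carries the source-IP condition. The following check is an added example, not Kingsoft Cloud code: the second statement in `POLICY` is constructed for illustration, and the matching rule (an address satisfies the condition if it falls in any listed CIDR) is an assumption based on the sample policy.

```python
import ipaddress
import json

# Constructed input: the page's sample policy plus one hypothetical
# statement that lacks the IP condition.
POLICY = json.loads("""
{"Version": "2015-11-01", "Statement": [
  {"Effect": "Allow", "Action": "kec:*", "Resource": "*",
   "Condition": {"IpAddress": {"ksc:SourceIp": ["192.168.0.0/16"]}}},
  {"Effect": "Allow", "Action": "kec:*", "Resource": "*"}
]}
""")

def source_cidrs(stmt):
    """Return the ksc:SourceIp CIDRs of a statement as network objects."""
    vals = stmt.get("Condition", {}).get("IpAddress", {}).get("ksc:SourceIp", [])
    if isinstance(vals, str):
        vals = [vals]
    return [ipaddress.ip_network(v, strict=False) for v in vals]

def lint(policy):
    """List Allow statements that do not actually restrict the source IP."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        try:
            nets = source_cidrs(stmt)
        except ValueError as exc:
            findings.append((i, f"invalid CIDR: {exc}"))
            continue
        if not nets:
            findings.append((i, "no ksc:SourceIp condition"))
        elif any(n.prefixlen == 0 for n in nets):
            findings.append((i, "CIDR matches every address"))
    return findings

def ip_allowed(stmt, ip):
    """Assumed semantics: the condition holds if ip is in any listed CIDR."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in source_cidrs(stmt))

if __name__ == "__main__":
    for idx, msg in lint(POLICY):
        print(f"Statement[{idx}]: {msg}")
    print(ip_allowed(POLICY["Statement"][0], "192.168.10.7"))
```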

Step 2: Create an IAM user

  1. Log in to the IAM console.
  2. In the left navigation pane, choose Identities > Subusers. The Subusers page appears.
  3. Click Create User. The Create User page appears.
  4. Enter the required information in the User login information section as prompted.

    Username: the username of the IAM user. This parameter is required. After the IAM user is created, the username cannot be changed.
    Display name: the display name of the IAM user. You can define it based on your business requirements. This parameter is required.
    E-mail: the email address for receiving messages. This parameter is optional.
    Cellphone number: the phone number for receiving messages. This parameter is optional.
    Receive message: specifies whether to receive messages. After it is enabled, the E-mail and Cellphone number parameters are required.

  5. Select an access mode in the Access Mode section. To ensure your account security, we recommend that you select only one access mode.

    Console Password Logon: If you select this access mode, you need to set the Console Password, Password Reset, Login Protection, Operation Protection, and Sub-users view all items parameters.
    Programmatic Access: If you select this access mode, the system automatically generates an AccessKey for the IAM user. The IAM user can access Kingsoft Cloud by using API operations or other development tools.

  6. Click Submit.

Step 3: Grant permissions to the IAM user

  1. Log in to the IAM console.
  2. In the left navigation pane, choose Permissions > Policies. The Policies page appears.
  3. Find the target policy and click Associated object in the Actions column.
  4. In the Associated object panel, select the target IAM user.
  5. Click OK.