Last updated:2021-10-29 17:57:30
This topic describes how to use IAM to limit the IP addresses that are allowed to access Kingsoft Cloud resources. This enhances access security.
Enterprise A has purchased multiple types of Kingsoft Cloud resources. To ensure business and data security, the enterprise requires users to access Kingsoft Cloud resources only from the IP addresses of the private network of the enterprise.
To authorize an IAM user to access Kingsoft Cloud resources only from specific IP addresses, you can create a custom policy and attach the policy to the IAM user.
Sample policy:
{
"Version": "2015-11-01",
"Statement": [
{
"Effect": "Allow",
"Action": "kec:*",
"Resource": "*",
"Condition": {
"IpAddress": {
"ksc:SourceIp": [
"192.168.0.0/16"
]
}
}
}
]
}
Log in to the IAM console.
In the left navigation pane, choose Identities > Subusers. The Subusers page appears.
Click Create User. The Create User page appears.
Enter the required information in the User login information section as prompted.
Username: the username of the IAM user. This parameter is required. After the IAM user is created, the username cannot be changed.
Display name: the display name of the IAM user. You can define it based on your business requirements. This parameter is required.
E-mail: the email address for receiving messages. This parameter is optional.
Cellphone number: the phone number for receiving messages. This parameter is optional.
Receive message: Specifies whether to receive messages. After it is enabled, the E-mail and Cellphone number parameters are required.
Select an access mode in the Access Mode section. To ensure your account security, we recommend that you select only one access mode.
Console Password Logon: If you select this access mode, you need to set the Console Password, Password Reset, Login Protection, Operation Protection, and Sub-users view all items parameters.
Programmatic Access: If you select this access mode, the system automatically generates an AccessKey for the IAM user. The IAM user can access Kingsoft Cloud by using API operations or other development tools.
Click Submit.
Did you find the above information helpful?
Please give us your feedback.
Thank you for your feedback.