Example of Global IP Specifying on Connecting DestinationΒΆ

The contents below shows examples how to limit multiple operations to the specific global IP.
By using the group that have been set at Example of Read Only User Setting and Users who only operate VM. , permit the access from only the specific global IP to read and operate VM.
The IAM role identifying the specific IP address is as follows:
This setting is configured at Global IP Address Restriction as the template.

Warning

Operations that can be restricted by global IP are API operations only. GUI operations are not restricted.

{
   "contract_id" : "econXXXXXXXXX",
   "iam_role_name" : "allowed_ipaddress",
   "description" : "Global IP Address Restriction",
   "resources" : [
       {
           "ipAddress" : "1.2.3.4/24"
       }
   ]
}
Link this IAM role with read_only_group and nova_restricted_operation_grop . The AND condition will be applied to the linkage between each IAM group's role and allowed_ipaddress_role .
In the example, VM and reading operations that has been allowed to only the global IP with 1.2.3.4/24 can be executed.
IPAddress