This topic provides a sample policy that you can use to authorize your Resource Access Management (RAM) users. This policy allows RAM users to access Alibaba Cloud resources by using a specific IP address or Classless Inter-Domain Routing (CIDR) block.

In the following code, the RAM users can access Elastic Cloud Service (ECS) instances only by using 172.16.215.218 and 192.168.0.0/16.

You must specify acs:SourceIp in Condition, as shown in the following code.

{
  "Statement": [
    {
      "Action": "ecs:*",
      "Effect": "Allow",
      "Resource": "*",
      "Condition": {
        "IpAddress": {
          "acs:SourceIp":[
          "192.168.0.0/16",
          "172.16.215.218"
         ]
        }
      }
    }
  ],
  "Version": "1"
}
Note
  • Condition is applicable only to the actions that are specified in the policy.
  • The value of acs:SourceIp in the preceding code is only for reference. You must specify the value based on your business requirements.