This topic uses a sample policy to demonstrate how to authorize a RAM user to access Alibaba Cloud through a specified CIDR block.
The following policy indicates that the authorized RAM user can access ECS instances only from IP addresses in the 192.168.0.0/16 CIDR block.
In this case, the acs:SourceIp condition key in the Condition element is set to 192.168.0.0/16.
{
    "Statement": [
        {
            "Action": "ecs:*",
            "Effect": "Allow",
            "Resource": "*",
            "Condition": {
                "IpAddress": {
                    "acs:SourceIp": "192.168.0.0/16"
                }
            }
        }
    ],
    "Version": "1"
}
Note: The Condition element only applies to the actions specified for the current policy. You can replace the 192.168.0.0/16 CIDR block with the CIDR block of your private network.
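
To check what the policy above permits before attaching it, the following added example (not Alibaba Cloud code) models the IpAddress test on acs:SourceIp locally. The function names are hypothetical, and the model is deliberately simplified: it ignores Deny statements and Resource matching and treats unmatched requests as denied.

```python
import fnmatch
import ipaddress
import json

# The policy from this page, embedded so the example runs offline.
POLICY = json.loads("""
{
  "Statement": [
    {
      "Action": "ecs:*",
      "Effect": "Allow",
      "Resource": "*",
      "Condition": {"IpAddress": {"acs:SourceIp": "192.168.0.0/16"}}
    }
  ],
  "Version": "1"
}
""")


def _as_list(value):
    # Policy fields may hold a single string or a list of strings.
    return value if isinstance(value, list) else [value]


def source_ip_matches(condition, source_ip):
    """True if there is no IpAddress/acs:SourceIp test, or the IP is in a listed CIDR."""
    cidrs = condition.get("IpAddress", {}).get("acs:SourceIp")
    if cidrs is None:
        return True
    ip = ipaddress.ip_address(source_ip)
    return any(ip in ipaddress.ip_network(c, strict=False) for c in _as_list(cidrs))


def is_allowed(policy, action, source_ip):
    """Simplified model: allow only if an Allow statement matches action and source IP."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        action_ok = any(fnmatch.fnmatchcase(action, pattern)
                        for pattern in _as_list(stmt["Action"]))
        # The Condition is evaluated only for the actions of its own statement.
        if action_ok and source_ip_matches(stmt.get("Condition", {}), source_ip):
            return True
    return False  # nothing matched: implicit deny
```

The sample addresses used to exercise it (192.168.10.5, 203.0.113.7) are constructed values, not taken from the page.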