To ensure the data security of your business, you can use the access control feature of Global Accelerator (GA) to control the access to GA resources and allow authorized users to access related resources.
Configure the access control feature of GA
You can enable the access control feature for listeners of standard instances and configure whitelists and blacklists to implement fine-grained access control.
An access control policy is configured by specifying access control lists (ACLs) and access control modes.
- ACLs: You can add multiple IP addresses or CIDR blocks to each ACL.
- Access control modes: You can specify ACLs as whitelists or blacklists for different listeners.
- Whitelist: Only the requests from the IP addresses or CIDR blocks in specified ACLs are forwarded. Use a whitelist if you want to allow access from specific IP addresses.
- Blacklist: All requests from the IP addresses or CIDR blocks in specified ACLs are denied. Use a blacklist if you want to block access from specific IP addresses.
Warning
- Improperly configured whitelists may affect service availability. After you configure a whitelist for a listener, only requests from the IP addresses that are added to the whitelist are forwarded by the listener. If a whitelist is enabled but no IP addresses are added to the ACL, the listener denies all requests.
- If a blacklist is enabled but no IP addresses are added to the ACL, the listener forwards all requests.
You can configure the access control for a listener of a standard GA instance by using the following methods:
Log on to the GA console: For more information about how to configure access control in the GA console, see Access control.
Call APIs: You can call the following APIs to configure access control:
- CreateAcl: creates an ACL.
- AddEntriesToAcl: adds IP entries to an ACL.
- AssociateAclsWithListener: associates an ACL with a listener.
- DissociateAclsFromListener: disassociates an ACL from a listener.
- RemoveEntriesFromAcl: removes IP entries from an ACL.
- DeleteAcl: deletes an ACL.