All Products
Search

This Product

    Simple Message Queue (formerly MNS):ACL-based access control

    Document Center

    Simple Message Queue (formerly MNS):ACL-based access control

    Last Updated:Feb 11, 2025

    Simple Message Queue (SMQ, formerly MNS) offers an access control feature that enables you to control all accesses from public endpoints to SMQ service. This feature allows you to configure rules to deny accesses from all IP addresses or allow accesses from only some IP addresses.

    Overview

    • Disable Public Endpoint: You can access SMQ only over a virtual private cloud (VPC).

    • Enable Public Endpoint: Only clients whose IP addresses or Classless Inter-Domain Routing (CIDR) blocks are in the IP address whitelist can access SMQ service.

    Supported regions

    The access control feature is available in the China (Beijing), China (Shanghai), and China (Guangzhou) regions.

    Create an IP address whitelist

    1. Log on to the SMQ console. In the left-side navigation pane, click Access Control.

    2. In the top navigation bar, select a region. Example: China (Beijing).

    3. On the Access Control page, click Create an IP address whitelist on the Public Endpoint tab.

    4. In the Create an IP address whitelist panel that appears, specify one or more IP addresses or CIDR blocks and click OK.

      Note

      Separate multiple IP addresses or CIDR blocks with semicolons (;) or commas (,).

    View an IP address whitelist

    1. On the Access Control page, click the Public Endpoint tab.

    2. You can view the IP addresses of public endpoints that are allowed to access SMQ in the IP Address Whitelist list.

    Delete an IP address whitelist

    1. On the Access Control page, click the Public Endpoint tab.

    2. In the IP Address Whitelist list, locate the desired IP address or CIDR block and click Delete in the Actions column.

    3. In the Delete IP Whitelist dialog box, click OK.

      Important

      If you delete an IP address or a CIDR block from the IP address whitelist, the client to which the IP address or the CIDR block belong is not allowed to access SMQ service. Proceed with caution.

    Disable accesses over public endpoints

    1. On the Access Control page, click the Public Endpoint tab.

    2. Disable the Allow Access next to Access Control.

    3. In the Are you sure you want to deny all accesses from the public IP address? dialog box, read the message that appears and click OK.

      Important

      If Allow Access is disabled, all access requests from public IP endpoints are blocked and an error code is returned. Proceed with caution.