Restrict access to the account

By default, access to the account is allowed from all IP addresses. The account owner and users with the iam.admin role can restrict account access — users will only be able to log into the account from IP addresses and subnets that the account owner or iam.admin have added to the allowed list.

The access restriction applies to logging in through the control panel.

Add an address to the allowed list

Before adding an IP address, ensure that the IP address is static. You can verify the address type with your provider.

1. In the control panel in the top menu, click IAM.

2. Go to the ACL section.

3. Click Add addresses.

4. To retain access to your account, first add your current IP address.

5. Click Add another address.

6. Enter the address. You can add:

   • IPv4 address;
   • IPv6 address;
   • subnet in the format 198.51.100.0/29.

7. Optional: enter a comment. For example, specify who owns the specified IP address or subnet. The maximum length of the comment is 256 characters.

8. Click Add. Sessions from addresses that are not listed in the list will be terminated, and access to the account from them will be denied.

Remove an address from the allowed list

The account owner and iam.admin can delete one or all addresses from which access to the account is allowed. When deleting all addresses, all restrictions will be removed — users will have access to the account from any address.

Remove a single address

1. In the control panel, on the top menu, click IAM.
2. Go to the ACL section.
3. In the address menu, select Delete.
4. To confirm the deletion, enter the address.
5. Click Delete.

Remove all addresses

After all addresses are removed, users will be able to log into the account from any address.

1. In the control panel, on the top menu, click IAM.
2. Go to the ACL section.
3. Click Allow access from any address.
4. To confirm the deletion of the entire list of allowed addresses, click Allow.