Configuring Access to Lifecycle Cloud
Configuring Inbound Traffic Allowlist
The Allowlist can be configured to filter inbound traffic to the IQ Server by IP address. Once the Allowlist has been set, it blocks all inbound traffic unless the IP address is found in the Configuration REST API access Allowlist or the config.yml system Allowlist.
Single IP addresses and IP address ranges in CIDR notation can be added to the Allowlist. The Allowlist supports both IPv4 and IPv6 addresses. A description field is also supported to help keep track of IP addresses.
Note
Any CIDR IP address must use valid CIDR notation. If the CIDR address is invalid, it is interpreted as a single IP address, not an IP address range.
REST API Allowlist
The configuration REST API allows users with the System Administrator role or the Edit System Configuration and Users permission to self-service the access Allowlist.
The IQ Server Allowlist can be configured using the Configuration REST API - v2. The accessAllowlist feature is only available to Lifecycle Cloud customers.
Property | Default Value | Description |
---|---|---|
accessAllowlist | null | JSON list of allowed inbound IP or CIDR addresses, with descriptions |
Example REST API Allowlist request body.
```json
{
  "accessAllowlist": [
    {
      "ipAddress": "192.168.33.67",
      "description": "User IP address"
    },
    {
      "ipAddress": "223.225.0.0/18",
      "description": "IP address range CIDR notation"
    }
  ]
}
```
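Because an invalid CIDR value is interpreted as a single IP address rather than a range, a typo in a request body can leave an entry that does not cover the range intended. The following pre-submission check is an added example, not Sonatype's code: the function names and sample entries are constructed here, and rejecting a range with host bits set is an assumption that may be stricter than the server's own parsing.

```python
import ipaddress
import json

def check_entry(value):
    """Classify one ipAddress value as ("single" | "range" | "invalid", problem)."""
    if "/" not in value:
        try:
            ipaddress.ip_address(value)
        except ValueError:
            return ("invalid", "not a valid IPv4 or IPv6 address")
        return ("single", None)
    prefix = value.rsplit("/", 1)[1]
    if not prefix.isdigit():
        # ip_network() also accepts netmask suffixes, which are not CIDR prefixes
        return ("invalid", "prefix length must be a number")
    try:
        net = ipaddress.ip_network(value, strict=True)
    except ValueError as exc:
        # Assumption: host bits set (e.g. x.x.x.7/24) is rejected here as a likely typo
        return ("invalid", f"not valid CIDR notation: {exc}")
    if net.prefixlen == 0:
        return ("range", "matches every address, so nothing would be filtered")
    return ("range", None)

def validate_allowlist(body):
    """Return [(ipAddress, problem)] for entries to fix before sending the request."""
    findings = []
    for entry in json.loads(body).get("accessAllowlist") or []:
        address = str(entry.get("ipAddress", ""))
        _, problem = check_entry(address)
        if problem:
            findings.append((address, problem))
    return findings

# Constructed request body: the first two entries come from the example above,
# the rest use documentation address ranges
SAMPLE_BODY = json.dumps({"accessAllowlist": [
    {"ipAddress": "192.168.33.67", "description": "User IP address"},
    {"ipAddress": "223.225.0.0/18", "description": "IP address range CIDR notation"},
    {"ipAddress": "2001:db8::/32", "description": "IPv6 range"},
    {"ipAddress": "198.51.100.7/24", "description": "host bits set"},
    {"ipAddress": "203.0.113.0/33", "description": "prefix too long"},
    {"ipAddress": "0.0.0.0/0", "description": "everything"},
]})

if __name__ == "__main__":
    for address, problem in validate_allowlist(SAMPLE_BODY):
        print(f"{address}: {problem}")
```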
System Allowlist
The system Allowlist is part of config.yml and is used to store user admin and infrastructure IP addresses. The system Allowlist can be modified by creating a support ticket.
Example config.yml system Allowlist configuration.
```yaml
# System IP Address Filter Allowlist
# Supports single IP address and IP address range in CIDR notation
systemAllowlist:
  - ipAddress: 223.223.0.0/18
    description: Customer Monitor IP range CIDR Notation
  - ipAddress: 223.223.33.66
    description: Customer Admin IP for REST API Access
```