IP allowlist
Imply must enable this feature for you. Contact Imply Polaris support for more information.
IP allowlist is a type of network policy that lets you control API key (Authorization: Basic) access to a project in Imply Polaris. You can configure an IP allowlist to only accept API requests authorized with API keys from specific IPv4 addresses and Classless Inter-Domain Routing (CIDR) blocks.
IP allowlist restrictions apply to regional API resources only. Regional APIs operate at the project level and are only accessible within the cloud service provider and region where Polaris hosts your project. The IP allowlist feature doesn't control access to global resources. To learn more about the difference between regional and global API resources, see Polaris API resources.
This topic walks you through the process of configuring an IP allowlist in the Polaris UI. For information on how to use the Network policy API, see Set a network policy.
Prerequisites
Polaris users with the AdministerNetworkPolicies permission and members of the Organization Admin group can create and manage IP allowlists for the entire organization.
Users with the ManageNetworkPolicies permission and members of the Project Admin group can create and manage IP allowlists for specific projects.
For more information on permissions, see Permissions reference.
Create an IP allowlist
The IP allowlist feature is disabled by default. To create an IP allowlist for your project, follow these steps:
- In the top right corner of the page, click the gear icon to open the Administration console.
- On the Projects page, click the ellipsis for the desired project to display the menu.
- Click IP allowlist. This opens the IP allowlist dialog where you can enable and disable the feature.
- In the IP allowlist dialog, click the toggle to enable the feature.
- Enter an IPv4 address or CIDR and a description. The description can be up to 255 characters. You must add at least one address-description pair. To add more entries, click the +Add button.
- Click Save.
Edit an IP allowlist
To remove an entry from the IP allowlist, click the remove icon (X) next to the address, then click Save.
You can also disable the IP allowlist by moving the toggle to the off position instead of removing individual entries. When you disable the IP allowlist, Polaris retains the authorized CIDR and IP addresses, so that you can easily re-enable them within the IP allowlist in the future.
Limitations
The following limitations apply to the IP allowlist feature:
- Polaris doesn't accept partial entries. You must add a description and an IPv4 address or CIDR for each entry.
- The IP allowlist doesn't support IPv6 addresses.
- You can only add one IPv4 address or CIDR per entry. Comma-separated lists are not supported.
- Polaris supports up to 20 entries per IP allowlist.
- The IP allowlist doesn't control requests authorized with access tokens (Authorization: Bearer).
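The limits above can be checked before you enter a list in the dialog. The following is an added example, not Imply code: the function names and sample entries are constructed for illustration, and the host-bits and 0.0.0.0/0 checks are local hygiene assumptions rather than documented Polaris rules.

```python
import ipaddress

MAX_ENTRIES = 20        # page: up to 20 entries per IP allowlist
MAX_DESCRIPTION = 255   # page: description up to 255 characters

def check_entry(address, description):
    """Return the problems found in one address-description pair."""
    address, description = address.strip(), description.strip()
    problems = []
    if not address or not description:
        problems.append("partial entry")
    if len(description) > MAX_DESCRIPTION:
        problems.append("description too long")
    if "," in address:
        problems.append("comma-separated list")
    elif address:
        try:
            net = ipaddress.ip_network(address, strict=False)
        except ValueError:
            return problems + ["not an IP address or CIDR"]
        if net.version != 4:
            problems.append("IPv6 not supported")
        elif ipaddress.ip_interface(address).ip != net.network_address:
            # Local hygiene check (assumption, not a documented Polaris rule)
            problems.append("host bits set in CIDR")
        elif net.prefixlen == 0:
            # Local hygiene check: 0.0.0.0/0 allows every IPv4 source
            problems.append("matches every IPv4 address")
    return problems

def check_allowlist(entries):
    """entries: list of (address, description). Returns [(index, problem)];
    index is None for problems with the list as a whole."""
    findings = []
    if not entries:
        findings.append((None, "at least one entry required"))
    if len(entries) > MAX_ENTRIES:
        findings.append((None, "more than 20 entries"))
    for i, (address, description) in enumerate(entries):
        findings.extend((i, p) for p in check_entry(address, description))
    return findings

# Constructed sample entries using documentation address ranges
SAMPLE = [
    ("203.0.113.10", "Office egress NAT"), ("198.51.100.0/24", "CI runners"),
    ("2001:db8::/32", "IPv6 range"), ("192.0.2.1, 192.0.2.2", "Two hosts"),
    ("192.0.2.77/24", "Typo in CIDR"), ("0.0.0.0/0", "Everything"),
    ("192.0.2.5", ""),
]
```

Calling check_allowlist(SAMPLE) returns one finding for each of the last five entries and none for the first two.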
Learn more
See the following topics for more information:
- Network policy API for reference on the Network policy API.