Skip to content

Latest commit

 

History

History
65 lines (49 loc) · 3.19 KB

context-restrictions-update.md

File metadata and controls

65 lines (49 loc) · 3.19 KB
copyright lastupdated keywords subcollection
years
2021
2021-09-27
update network access, network access rule, network zone
account

{:shortdesc: .shortdesc} {:codeblock: .codeblock} {:screen: .screen} {:tip: .tip} {:note: .note} {:pre: .pre} {:ui: .ph data-hd-interface='ui'} {:cli: .ph data-hd-interface='cli'} {:api: .ph data-hd-interface='api'} {:java: .ph data-hd-programlang='java'} {:python: .ph data-hd-programlang='python'} {:javascript: .ph data-hd-programlang='javascript'} {:curl: .ph data-hd-programlang='curl'} {:go: .ph data-hd-programlang='go'}

Updating context-based restrictions

{: #context-restrictions-update}

You can update context rules at any time by providing a new description, which helps identifying the purpose of the rule, or selecting a new list of resources and network environments. {: shortdesc}

To update a context-based restrictions rule, you must be assigned the administrator role on the account management service.

Updating context-based restrictions

{: #context-restrictions-update-rules}

To edit the context-based restrictions on your cloud resources, complete the following steps.

  1. In the {{site.data.keyword.cloud_notm}} console, click Manage > Context-based restrictions, and select Rules.
  2. Select the Actions icon Actions icon next to the rule you want to update, and select Edit.
  3. Provide a new description for your rule. Click Apply to simply update the description, or click Continue.
  4. To update the scope of the service you want to restrict, you can select all resources or specific resources based on the available attributes, such as resource groups or location. Then, click Apply or Continue.
  5. You can edit or remove network zones by using the summary panel.
    • Allow access from all or specific service endpoint types, which can be the combination of public, private, and direct endpoints.
    • Select, remove, or create network zones for your access rule.
    • By clicking Add, you can define multiple contexts.
  6. Click Apply to finish.

Updating network zones

{: #network-zones-update}

You can modify the list of allowed locations where an access request can originate. A set of one or more network locations can be specified by IP addresses (individual addresses, ranges, or subnets), VPCs, or service references. You can update a network zone that is used in a rule, or integrate the new updated network zones into your rules later.

  1. In the {{site.data.keyword.cloud_notm}} console, click Manage > Context-based restrictions, and select Network zones.
  2. Select the Actions icon Actions icon next to the network zone you want to update, and select Edit.
  3. You can update your zone with a better name and a description.
  4. You can edit the list of allowed IP addresses where an access request can originate. Include exceptions in the deny list, if necessary.
  5. You can add or remove allowed VPCs.
  6. You can add or remove service references. Select a service to associate its IP addresses with your network zone.
  7. Click Next to review your new configuration.
  8. To apply changes, click Update.