Control: 2.1.2 Ensure network access for Cloud Object Storage is restricted to specific IP range
IBM Cloud Object Storage bucket firewall restricts all access to data unless the request originates from a list of allowed IP addresses.
Follow these steps to add an IP address to the list of Authorized IPs in the bucket firewall policies:
- Start by selecting Storage to view your resource list.
- Next, select the service instance with your bucket from within the Storage menu. This takes you to the Object Storage Console.
- Select the bucket that you want to limit access to authorized IP addresses.
- Select Access policies from the navigation menu.
- Select the Authorized IPs tab.
- Click on Add and specify a list of IP addresses in CIDR notation, for example 192.168.0.0/16, fe80:021b::0/64. Addresses can follow either IPv4 or IPv6 standards.
- Click Add.
- The firewall will not be enforced until the address is saved in the console. Click Save all to enforce the firewall.
Note that all objects in this bucket are then accessible only from those IP addresses.
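A pre-check for the list entered in the Authorized IPs step above, as an added example that is not part of the original page or of the Steampipe mod: it parses each entry with Python's `ipaddress` module, reports entries that are invalid, match every address, or are broader than a review threshold, and tests whether a given source address would fall inside the list. The thresholds, function names and sample list are assumptions made for illustration.

```python
import ipaddress

# Assumed review thresholds (not from the page or the CIS benchmark):
# entries with a shorter prefix than these are reported as too broad.
MIN_PREFIX = {4: 16, 6: 32}

def review_authorized_ips(entries):
    """Return (entry, finding) pairs for entries that deserve a second look."""
    findings = []
    for raw in entries:
        text = raw.strip()
        try:
            iface = ipaddress.ip_interface(text)
        except ValueError:
            findings.append((text, "not a valid IPv4/IPv6 address or CIDR"))
            continue
        net = iface.network
        if net.prefixlen == 0:
            findings.append((text, "matches every address"))
        elif net.prefixlen < MIN_PREFIX[net.version]:
            findings.append((text, "broader than review threshold"))
        if iface.ip != net.network_address:
            # The address part is not the network address, so the range
            # actually covered may be wider than the entry suggests.
            findings.append((text, f"host bits set, covers {net}"))
    return findings

def is_allowed(source_ip, entries):
    """True if source_ip falls inside any valid entry of the list."""
    addr = ipaddress.ip_address(source_ip)
    for raw in entries:
        try:
            net = ipaddress.ip_network(raw.strip(), strict=False)
        except ValueError:
            continue  # invalid entries never match
        if addr.version == net.version and addr in net:
            return True
    return False

# Constructed sample list; the first two entries are the page's own examples.
SAMPLE = ["192.168.0.0/16", "fe80:021b::0/64", "0.0.0.0/0",
          "10.1.2.3/8", "203.0.113.7", "not-an-ip"]

if __name__ == "__main__":
    for entry, finding in review_authorized_ips(SAMPLE):
        print(f"{entry}: {finding}")
```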
Run the control in your terminal:
steampipe check ibm_compliance.control.cis_v100_2_1_2
Snapshot and share results via Steampipe Cloud:
steampipe login
steampipe check --share ibm_compliance.control.cis_v100_2_1_2
This control uses a named query: manual_control