Control: 2.1.2 Ensure network access for Cloud Object Storage is restricted to specific IP range


IBM Cloud Object Storage bucket firewall restricts all access to data unless the request originates from a list of allowed IP addresses.


From Console

Follow the steps outlined to add an IP to the list of Authorized IPs in bucket firewall policies

  1. Start by selecting Storage to view your resource list.
  2. Next, select the service instance with your bucket from within the Storage menu. This takes you to the Object Storage Console.
  3. Select the bucket that you want to limit access to authorized IP addresses.
  4. Select Access policies from the navigation menu.
  5. Select the Authorized IPs tab.
  6. Click on Add and specify a list of IP addresses in CIDR notation, for example, fe80:021b::0/64. Addresses can follow either IPv4 or IPv6 standards.
  7. Click Add.
  8. The firewall will not be enforced until the address is saved in the console. Click Save all to enforce the firewall.

Note that all objects in this bucket are only accessible from those IP addresses


Run the control in your terminal:

powerpipe control run ibm_compliance.control.cis_v100_2_1_2

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run ibm_compliance.control.cis_v100_2_1_2 --share


This control uses a named query: