As an optional security measure, you can configure an application to allow only IP addresses you specify to access it in the Cloud Platform user interface.
By default, users who are members of a team assigned to an application can sign in to the Cloud Platform user interface and access the application from any IP address. Cloud Platform controls user access with a username and password, the roles and permissions assigned to users, and optionally, two-step verification.
For extra security, you can prohibit users from signing in to the Cloud Platform user interface unless they do so from one of the IP addresses you specify. This feature, IP address allowlisting, affects only access to the Cloud Platform user interface. IP address allowlisting doesn’t affect normal access to the websites you host on Cloud Platform.
Note
For information about using Shield to manage SSH access, see Controlling access with Shield.
Enabling IP address allowlisting
Only users who have the Owner or Administrator role for an application’s organization can enable or disable IP address allowlisting for an application. To enable IP address allowlisting:
Sign in to the Cloud Platform user interface with the Owner or Administrator role.
Select the application you want to work with.
In the menu on the left side, click Security.
On the Security page, click Edit Settings to open the Edit security settings page.
In the IP restrictions list, click Only allow allowlisted IPs.
Enter an IP address you want to allow to access your application through the Cloud Platform user interface. Click Add another to add more IP addresses.
Note
Cloud Platform doesn’t support adding IP address ranges.
Click Save.
If you must allowlist Acquia’s IP addresses for your websites or services, create a Support ticket to obtain the necessary information.
Note
Acquia employees with the proper permissions (such as members of Acquia Support) can still access your Acquia applications.