Controlling access with Shield

Shield enables you to configure IP address allowlisting for occasions when you must restrict SSH access to the web servers in your subscription.

Note

Cloud Platform requires specific Acquia-operated IPs and CIDR ranges to remain accessible to all servers. You cannot modify or control them by using Shield IP allowlisting. They do not count toward the IP allowlist limits.
Shield imposes a limit of 25 IP addresses or CIDR ranges.
Port 22 is closed at the load balancer layer of Cloud Platform. Shield restricts access to port 22 in the web server layer of Cloud Platform.
Acquia Cloud products such as Code Studio or Cloud IDE depend on SSH access to your Cloud Platform application. Therefore, you must allowlist these products manually. To get the list of IP addresses to allowlist them, contact Acquia Support.
For more information about security settings in Cloud Platform, such as password strength, two-factor verification, or allowlisting access to the Cloud Platform interface, see Managing security settings.

Enabling allowlisting in Shield¶

To limit SSH access to your infrastructure for all applications in your subscription:

Sign in to the Cloud Platform interface with the Owner or Administrator role, and then select the application you want to work with.
In the menu to the left, click Security.
Click Shield.
Click Add Rule.
In the Rule Name field, enter a name less than 90 characters in length.
In the IP address(es) or range section, select one of the following options:
- Enter manually: Enter one or more addresses (such as 10.0.0.1) in the text area.
- Import a CSV file: Drag a text file containing one or more IP addresses (such as 10.0.0.1) into the text area.
  Note
  You can separate several IP addresses by a space, comma, or line breaks. You can also use CIDR ranges, such as: 222.117.0.1/24.
Click Save.
The system refreshes the webpage and displays a list of all allowlisting rules.

Enabling allowlisting in Shield

To limit SSH access to your infrastructure for all applications in your subscription:

Sign in to the Cloud Platform interface with the Owner or Administrator role, and then select the application you want to work with.

In the menu to the left, click Security.

Click Shield.

Click Add Rule.

In the Rule Name field, enter a name less than 90 characters in length.

In the IP address(es) or range section, select one of the following options:

Enter manually: Enter one or more addresses (such as 10.0.0.1) in the text area.
Import a CSV file: Drag a text file containing one or more IP addresses (such as 10.0.0.1) into the text area.
Note
You can separate several IP addresses by a space, comma, or line breaks. You can also use CIDR ranges, such as: 222.117.0.1/24.

Click Save.

The system refreshes the webpage and displays a list of all allowlisting rules.