Securing your application with IP address allowlisting
As an optional security measure, you can configure an application to allow only IP addresses you specify to access it in the Cloud Platform user interface.
By default, users who are members of a team assigned to an application can sign in to the Cloud Platform user interface and access the application from any IP address. Cloud Platform controls user access with a username and password, the roles and permissions assigned to users, and optionally, two-step verification.
For extra security, you can prohibit users from signing in to the Cloud Platform user interface unless they do so from one of the IP addresses you specify. This feature, IP address allowlisting, affects only access to the Cloud Platform user interface. IP address allowlisting doesn’t affect normal access to the websites you host on Cloud Platform.
IP address allowlisting blocks access to Cloud Platform resources when requests originate from non-allowlisted IP addresses. The allowlist applies to the following services:
Cloud Platform user interface: You must allowlist your IP address to use the user interface, because it relies on platform APIs.
API-based access: All direct calls to Cloud Platform endpoints, such as https://cloud.acquia.com/api.
Traffic to your hosted websites is not restricted by this feature. Site visitors can access your applications regardless of their IP address.
Automated processes that call APIs from outside your corporate network or VPN are blocked unless you allowlist their egress IP addresses. These processes include:
Continuous Integration/Continuous Deployment (CI/CD) runners and pipelines
External monitoring and health-check services
Custom automation scripts and batch jobs
Fixing broken integrations
To fix an integration that stops working after you enable allowlisting:
Identify the public egress IP address of the integration.
Add the IP address to the allowlist.
Use static IP addresses: If your integration runs from a cloud provider with dynamic IP addresses, use a stable egress strategy, such as a Network Address Translation (NAT) gateway or static egress, and allowlist that specific IP address.
Enabling IP address allowlisting
Only users who have the Owner or Administrator role for an application’s organization can enable or disable IP address allowlisting for an application. To enable IP address allowlisting:
On the Security page, click Edit Settings to open the Edit security settings page.
In the IP restrictions list, click Only allow allowlisted IPs.
Enter an IP address you want to allow to access your application through the Cloud Platform user interface. Click Add another to add more IP addresses. Cloud Platform does not support adding IP address ranges.
Click Save.
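A pre-flight check for the entries you plan to add, as an added example that is not Acquia's code: it keeps only single public addresses, because the form takes no ranges and the allowlist must hold each integration's public egress address. The function name and the sample entries are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: candidate entries gathered from CI, monitoring and NAT settings.
# 8.8.8.8 and 1.1.1.1 stand in for real egress addresses.
SAMPLE = ["8.8.8.8", "10.0.4.17", "1.1.1.0/30", " 8.8.8.8 ",
          "1.1.1.1", "gateway.example", "100.64.0.1"]


def check_allowlist_entries(candidates):
    """Split candidates into (accepted, rejected).

    accepted: de-duplicated single public addresses, in input order.
    rejected: (entry, reason) pairs to fix before using the form.
    IPv6 addresses parse too; whether the form takes them is not stated
    on this page, so treat that as an assumption.
    """
    accepted, rejected = [], []
    for raw in candidates:
        entry = raw.strip()
        if not entry:
            continue
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            try:
                # CIDR notation parses as a network; ranges are not supported.
                ipaddress.ip_network(entry, strict=False)
                rejected.append((entry, "range: enter each address separately"))
            except ValueError:
                rejected.append((entry, "not a single IP address"))
            continue
        if not addr.is_global:
            # Private, shared (CGNAT), loopback and similar space is never
            # what the platform sees as the request source.
            rejected.append((entry, "not a public egress address"))
        elif str(addr) in accepted:
            rejected.append((entry, "duplicate"))
        else:
            accepted.append(str(addr))
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = check_allowlist_entries(SAMPLE)
    print("add to allowlist:", ok)
    for entry, reason in bad:
        print(f"skip {entry!r}: {reason}")
```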
If you must allowlist Acquia’s IP addresses for your websites or services, create a Support ticket to obtain the necessary information.
Note
Acquia employees with the proper permissions (such as members of Acquia Support) can still access your Acquia applications.