This topic describes how to configure an IP allowlist to control which clients can access your Container Registry Enterprise Edition instance over the Internet, preventing unauthorized access.
Prerequisites
You have a Container Registry Enterprise Edition instance.
Internet access is enabled for the instance. By default, Enterprise Edition instances cannot be accessed over the Internet. You must enable Internet access before configuring an access control policy.
After you enable Internet access, the CIDR block 127.0.0.1/32 is automatically added to the whitelist.
Procedure
Log on to the Container Registry console.
In the top navigation bar, select a region.
On the Instances page, click the Enterprise Edition instance that you want to manage.
-
In the left-side navigation pane, choose .
NoteFor Helm charts, choose .
-
On the Access Control page, click the Internet tab.
-
On the Internet tab, click Add Internet Whitelist.
-
In the Add Internet Whitelist dialog box, specify the CIDR block and the description.
-
Click OK.
ECS instances whose IP addresses fall within the specified CIDR block can now access the Container Registry Enterprise Edition instance over the Internet.
ImportantClearing the whitelist exposes your instance completely to the Internet and may result in attacks. If you want to allow all ECS instances to access the instance over the Internet, clear the whitelist — but proceed with caution.