All Products
Search
Document Center

Key Management Service:Condition key

最終更新日:Dec 25, 2024

A condition key specifies the circumstances under which authorization is valid. You can define condition keys in key policies, secret policies, and custom RAM policies to manage access to KMS. This topic outlines the common condition keys for Alibaba Cloud and those specific to KMS.

Note

For key and secret policies, the Principal field is mandatory. However, for custom RAM policies, this field may be omitted.

Alibaba Cloud common condition keys

acs:SourceIp

Condition key

Description

Condition operation type

API operation

Value range

Policy type

acs:SourceIp

The client IP address of the user request, which only includes public IP addresses.

String

All OpenAPI operations of KMS. For a specific list, see API overview.

IP address. For example:

  • "126.34.XX.XX"

  • "2001:0db8:85a3:0000:0000:8a2e:XXXX:XXXX"

  • Custom policies of RAM

  • Key policy

  • Secret policy

RAM policy example

Permits the generation of data keys only if the request originates from the IP address range 116.62.XX.XX/24.

{
    "Statement": [
        {
            "Action": "kms:GenerateDataKey",
            "Effect": "Allow",
            "Resource": "*",
            "Condition": {
                "IpAddress": {
                    "acs:SourceIp": "116.62.XX.XX/24"
                }
            }
        }
    ],
    "Version": "1"
}

Key/secret policy example

Grants access solely to RAM user ramuser1 and from IP address 203.0.XX.XX.

{
	"Version":"1",
	"Statement":[
		{
			"Sid":"kms policy",
			"Effect":"Allow",
			"Action":"kms:*",
			"Principal":{
				"RAM":[
					"acs:ram::1192853035****:user/ramuser1"
				]
			},
			"Resource":"*",
			"Condition":{
				"IpAddress":{
					"acs:SourceIp":[
						"203.0.XX.XX"
					]
				}
			}
		}
	]
}

acs:SourceVpc

Condition key

Description

Condition operation type

API operation

Value range

Policy type

acs:SourceVpc

The VPC to which the client of the user request belongs. This condition key is valid only when the request comes from the Alibaba Cloud VPC network.

String

All OpenAPI operations of KMS. For a specific list, see API overview.

VPC ID. For example, vpc-bp1717bgs34gj****.

  • Custom policies of RAM

  • Key policy

  • Secret policy

Limits:

  • All actions in the Statement field of the policy must begin with kms:, for example, "Action":"kms:*" or "Action":"kms:GenerateDataKey". Using "Action":"*" or "Action":"k*" is not permitted.

  • This condition key is only available in certain regions.

    Regions supporting acs:SourceVpc

    Public cloud

    Region classification

    Supported regions

    China

    China (Hangzhou), China (Shanghai), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Chengdu), Hong Kong (China)

    Other countries and regions

    Malaysia (Kuala Lumpur), Japan (Tokyo), Germany (Frankfurt), US (Virginia), US (Silicon Valley), Indonesia (Jakarta), UK (London), Philippines (Manila), Singapore, South Korea (Seoul), Thailand (Bangkok)

Key/secret policy example: Grants access only to RAM user ramuser1 and from vpc-bp1l8j1t3l3j5****.

{
    "Version": "1",
    "Statement": [
        {
            "Sid": "kms policy",
            "Effect": "Allow",
            "Action": "kms:*",
            "Principal": {
                "RAM": [
                    "acs:ram::1192853035****:user/ramuser1"
                ]
            },
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "acs:SourceVpc": [
                        "vpc-bp1l8j1t3l3j5****"
                    ]
                }
            }
        }
    ]
}

acs:VpcSourceIp

Condition key

Description

Condition operation type

API operation

Value range

Policy type

acs:VpcSourceIp

The client IP address of the user request. This condition key is valid only when the request comes from the Alibaba Cloud VPC network.

String

All OpenAPI operations of KMS. For a specific list, see API overview.

IP address in the VPC. For example:

  • "126.34.XX.XX"

  • "2001:0db8:85a3:0000:0000:8a2e:XXXX:XXXX"

  • Custom policies of RAM

  • Key policy

  • Secret policy

Limits: This condition key is only available in certain regions.

Regions supporting acs:VpcSourceIp

Public cloud

Region classification

Supported regions

China

China (Hangzhou), China (Shanghai), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Chengdu), Hong Kong (China)

Other countries and regions

Malaysia (Kuala Lumpur), Japan (Tokyo), Germany (Frankfurt), US (Virginia), US (Silicon Valley), Indonesia (Jakarta), UK (London), Philippines (Manila), Singapore, South Korea (Seoul), Thailand (Bangkok)

RAM policy example

Authorizes requests exclusively from the vpc-bp1717bghfnkqg5wn**** within the 172.168.XX.XX/24 CIDR block.

{
    "Statement": [
        {
            "Action": "kms:GenerateDataKey",
            "Effect": "Allow",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "acs:SourceVpc": "vpc-bp1717bghfnkqg5wn****"
                },
                "IpAddress": {
                    "acs:VpcSourceIp": "172.168.**.**/24"
                }
            }
        }
    ],
    "Version": "1"
}

Key/secret policy example

Grants access exclusively to RAM user ramuser1 and from the VPC IP address 192.168.XX.XX.

{
    "Version": "1",
    "Statement": [
        {
            "Sid": "kms policy",
            "Effect": "Allow",
            "Action": "kms:*",
            "Principal": {
                "RAM": [
                    "acs:ram::1192853035****:user/ramuser1"
                ]
            },
            "Resource": "*",
            "Condition": {
                "IpAddress": {
                    "acs:VpcSourceIp": [
                        "192.168.XX.XX"
                    ]
                }
            }
        }
    ]
}

acs:SecureTransport

Condition key

Description

Condition operation type

API operation

Value range

Policy type

acs:SecureTransport

Specifies whether a secure channel (HTTPS) is used to send the request.

Boolean

All OpenAPI operations of KMS. For a specific list, see API overview.

  • true

  • false

  • Custom policies of RAM

  • Key policy

  • Secret policy

RAM policy example

Allows users to execute any action on all KMS resources, provided the operation is conducted via a secure transport protocol (HTTPS).

       {
         "Version": "1",
         "Statement": [
           {
             "Effect": "Allow",
             "Action": "kms:*",
             "Resource": "*",
             "Condition": {
               "Bool": {
                 "acs:SecureTransport": "true"
               }
             }
           }
         ]
       }

Key/secret policy example

Grants access solely to RAM user ramuser1 via a secure channel (HTTPS).

{
    "Version": "1",
    "Statement": [
        {
            "Sid": "kms policy",
            "Effect": "Allow",
            "Action": "kms:*",
            "Principal": {
                "RAM": [
                    "acs:ram::1192853035****:user/ramuser1"
                ]
            },
            "Resource": "*",
            "Condition": {
                "Bool": {
                    "acs:SecureTransport": "true"
                }
            }
        }
    ]
}

acs:CurrentTime

Condition key

Description

Condition operation type

API operation

Value range

Policy type

acs:CurrentTime

The time when the server receives the request.

Date and time

All OpenAPI operations of KMS. For a specific list, see API overview.

Specify the time in the ISO 8601 standard. The time must be in UTC. 

For example, 20:00:00 on January 10, 2024, Beijing time is represented as 2024-01-10T20:00:00+08:00 or 2024-01-10T12:00:00Z.

  • Custom policies of RAM

  • Key policy

  • Secret policy

Key/secret policy example: Grants access only to RAM user ramuser1 until 2099-12-31T12:00:00Z.

{
    "Version": "1",
    "Statement": [
        {
            "Sid": "kms policy",
            "Effect": "Allow",
            "Action": "kms:*",
            "Principal": {
                "RAM": [
                    "acs:ram::1192853035****:user/ramuser1"
                ]
            },
            "Resource": "*",
            "Condition": {
                "DateLessThan": {
                    "acs:CurrentTime": "2099-12-31T12:00:00Z"
                }
            }
        }
    ]
}

acs:MFAPresent

Condition key

Description

Condition operation type

API operation

Value range

Policy type

acs:MFAPresent

Specifies whether multi-factor authentication (MFA) is used during user logon.

Boolean

All OpenAPI operations of KMS. For a specific list, see API overview.

  • true

  • false

  • Custom policies of RAM

  • Key policy

  • Secret policy

Key/secret policy example: Grants access only to RAM user ramuser1 when multi-factor authentication (MFA) is active.

{
    "Version": "1",
    "Statement": [
        {
            "Sid": "kms policy",
            "Effect": "Allow",
            "Action": "kms:*",
            "Principal": {
                "RAM": [
                    "acs:ram::1192853035****:user/ramuser1"
                ]
            },
            "Resource": "*",
            "Condition": {
                "Bool": {
                    "acs:MFAPresent": [
                        "true"
                    ]
                }
            }
        }
    ]
}

KMS product condition keys (key-related)

kms:tag

Condition key

Description

Condition operation type

API operation

Value range

Policy type

kms:tag

Allows you to manage permissions on API operations based on key tags.

String

  • Encrypt

  • Decrypt

  • ReEncrypt

  • ExportDataKey

  • GenerateDataKey

  • GenerateDataKeyWithoutPlaintext

  • GenerateAndExportDataKey

  • AsymmetricDecrypt

  • AsymmetricEncrypt

  • AsymmetricSign

  • AsymmetricVerify

  • GetPublicKey

  • DescribeKey

  • UpdateKeyDescription

  • EnableKey

  • DisableKey

  • CancelKeyDeletion

  • ScheduleKeyDeletion

  • ImportKeyMaterial

  • GetParametersForImport

  • DeleteKeyMaterial

  • CreateKeyVersion

  • DescribeKeyVersion

  • ListKeyVersions

  • UpdateRotationPolicy

  • SetDeletionProtection

Custom key tag.

  • Custom policies of RAM

  • Key policy

  • Secret policy

kms:EncryptionAlgorithm

Condition key

Description

Condition operation type

API operation

Value range

Policy type

kms:EncryptionAlgorithm

Allows you to manage permissions on cryptographic operations based on encryption algorithms in requests.

String

  • Decrypt

  • Encrypt

  • GenerateDataKey

  • GenerateDataKeyWithoutPlaintext

  • ReEncrypt

  • AsymmetricDecrypt

  • AsymmetricEncrypt

  • ExportDataKey

  • GenerateAndExportDataKey

Encryption algorithm, such as SYMMETRIC_DEFAULT, RSAES_OAEP_SHA_256, and ECIES_DH_SHA_1_XOR_HMAC.

For more information about encryption algorithms supported by KMS, see Key management types and key specifications.

  • Custom policies of RAM

  • Key policy

For instance, the following policy allows only RAM user key_ramuser1 to perform encryption, decryption, or re-encryption operations using the RSAES_OAEP_SHA_256 algorithm, ensuring secure and compliant use of encryption keys.

{
  "Sid": "Allow only one encryption algorithm with this asymmetric KMS key",
  "Effect": "Deny",
  "Principal": {
          "RAM": [
                    "acs:ram::119285303511****:user/key_ramuser1"
                ]
  },
  "Action": [
    "kms:Encrypt",
    "kms:Decrypt",
    "kms:ReEncrypt"
  ],
  "Resource": "*",
  "Condition": {
    "StringNotEquals": {
      "kms:EncryptionAlgorithm": "SYMMETRIC_DEFAULT"
    }
  }
}

kms:EncryptionContext:${EncryptionContextKey}

Condition key

Description

Condition operation type

API operation

Value range

Policy type

kms:EncryptionContext:${EncryptionContextKey}

Allows you to manage permissions on symmetric keys in KMS based on encryption context in encryption operations.

You can configure permissions based on key-value pairs in encryption context.

String

  • Decrypt

  • Encrypt

  • GenerateDataKey

  • GenerateDataKeyWithoutPlaintext

  • ExportDataKey

  • GenerateAndExportDataKey

Custom encryption context.

  • Custom policies of RAM

  • Key policy

For instance, the following policy allows all RAM users associated with Alibaba Cloud account 119285303511**** to generate data keys (kms:GenerateDataKey) when the value of Project in kms:EncryptionContext is ProjectA.

{
 "Effect": "Allow",
 "Principal": {
	 "RAM": [
	 "acs:ram::119285303511****:*"
	 ]
	},
 "Action": "kms:GenerateDataKey",
 "Resource": "*",
 "Condition": {
 "StringEquals": {
 "kms:EncryptionContext:Project": "ProjectA"
 }
 }
}

kms:EncryptionContextKeys

Condition key

Description

Condition operation type

API operation

Value range

Policy type

kms:EncryptionContextKeys

Allows you to manage permissions on symmetric keys in KMS based on encryption context in encryption operations.

You can configure permissions based on keys in encryption context.

Array of strings

  • Decrypt

  • Encrypt

  • GenerateDataKey

  • GenerateDataKeyWithoutPlaintext

  • ExportDataKey

  • GenerateAndExportDataKey

Keys in key-value pairs that are included in EncryptionContext.

Key policy

For instance, the following policy allows all RAM users associated with Alibaba Cloud account 119285303511**** to generate data keys (kms:GenerateDataKey) when the key name Project is present in the encryption context.

{
 "Effect": "Allow",
 "Principal": {
	 "RAM": [
	 "acs:ram::119285303511****:*"
	 ]
	},
 "Action": "kms:GenerateDataKey",
 "Resource": "*",
 "Condition": {
 "StringEquals": {
 "kms:EncryptionContextKeys": "Project"
 }
 }
}

kms:ExpirationModel

Condition key

Description

Condition operation type

API operation

Value range

Policy type

kms:ExpirationModel

Allows you to manage permissions on the ImportKeyMaterial operation based on the value of the ExpirationModel parameter in requests.

String

ImportKeyMaterial

  • KEY_MATERIAL_DOES_NOT_EXPIRE: Key material does not expire

  • KEY_MATERIAL_EXPIRES: Key material expires

  • Custom policies of RAM

  • Key policy

For instance, the following policy allows all RAM users associated with Alibaba Cloud account 119285303511**** to import key material (kms:ImportKeyMaterial) only if the key material's expiration model is KEY_MATERIAL_DOES_NOT_EXPIRE.

{
  "Effect": "Allow",
  "Principal": {
    "RAM": "acs:ram::119285303511****:*"
  },
  "Action": "kms:ImportKeyMaterial",
  "Resource": "*",
  "Condition": {
    "StringEquals": {
      "kms:ExpirationModel": "KEY_MATERIAL_DOES_NOT_EXPIRE"
    }
  }
}

kms:ValidTo

Condition key

Description

Condition operation type

API operation

Value range

Policy type

kms:ValidTo

Allows you to manage permissions on the ImportKeyMaterial operation based on the value of the ValidTo parameter in requests.

You can use the condition key to allow users to import key material only before a specific date.

Date

ImportKeyMaterial

UNIX timestamp

  • Custom policies of RAM

  • Key policy

For instance, the following policy allows all RAM users associated with Alibaba Cloud account 119285303511**** to import key material only before June 20, 2024.

{
  "Effect": "Allow",
  "Principal": {
    "RAM": "acs:ram::119285303511****:*"
  },
  "Action": "kms:ImportKeyMaterial",
  "Resource": "*",
  "Condition": {
    "NumericLessThanEquals": {
      "kms:ValidTo": "1718841600"
    }
  }
}

kms:KeyOrigin

Condition key

Description

Condition operation type

API operation

Value range

Policy type

kms:KeyOrigin

Allows you to manage permissions on API operations based on the Origin attribute of keys created by or used in operations.

You can use the condition key to manage permissions on the CreateKey operation or on key-related operations.

String

All key-related operations. For a specific list, see API overview.

  • Aliyun_KMS

  • EXTERNAL

  • KmsInstance

  • Custom policies of RAM

  • Key policy

kms:KeySpec

Condition key

Description

Condition operation type

API operation

Value range

Policy type

kms:KeySpec

Allows you to manage permissions on API operations based on the KeySpec attribute of keys created by or used in operations.

String

All key-related operations. For a specific list, see API overview.

Key specifications. Example: Aliyun_AES_256 and RSA_2048.

For more information about key specifications supported by KMS, see Key management types and key specifications.

  • Custom policies of RAM

  • Key policy

For instance, the following policy permits all RAM users and roles associated with Alibaba Cloud account 119285303511**** to create keys (kms:CreateKey), but restricts creation to RSA keys only.

{
  "Effect": "Allow",
  "Action": "kms:CreateKey",
  "Principal": {
    "RAM": "acs:ram::119285303511****:*"
  },
  "Resource": "*",
  "Condition": {
    "StringLike": {
      "kms:KeySpec": "RSA_*"
    }
  }
}

kms:KeyUsage

Condition key

Description

Condition operation type

API operation

Value range

Policy type

kms:KeyUsage

Allows you to manage permissions on API operations based on the KeyUsage attribute of keys created by or used in operations.

String

All key-related operations. For a specific list, see API overview.

  • ENCRYPT_DECRYPT: encryption and decryption

  • SIGN_VERIFY: signing and verification

  • Custom policies of RAM

  • Key policy

For instance, the following policy allows the creation of keys (kms:CreateKey), but only for the purpose of ENCRYPT_DECRYPT.

{
  "Effect": "Allow",
  "Action": "kms:CreateKey",
  "Resource": "*",
  "Condition": {
    "StringEquals": {
      "kms:KeyUsage": "ENCRYPT_DECRYPT"
    }
  }
}

kms:ScheduleKeyDeletionPendingWindowInDays

Condition key

Description

Condition operation type

API operation

Value range

Policy type

kms:ScheduleKeyDeletionPendingWindowInDays

Allows you to manage permissions on the ScheduleKeyDeletion operation based on the value of the PendingWindowInDays parameter in requests.

Numeric value

ScheduleKeyDeletion

Scheduled deletion period of a key. Unit: days.

  • Custom policies of RAM

  • Key policy

For instance, the following policy denies all users and roles the ability to schedule key deletion (kms:ScheduleKeyDeletion) if the pending deletion window is 21 days or less.

{
  "Effect": "Deny",
  "Action": "kms:ScheduleKeyDeletion",
  "Principal": "*",
  "Resource": "*",
  "Condition": {
    "NumericLessThanEquals": {
      "kms:ScheduleKeyDeletionPendingWindowInDays": "21"
    }
  }
}

kms:SigningAlgorithm

Condition key

Description

Condition operation type

API operation

Value range

Policy type

kms:SigningAlgorithm

Allows you to manage permissions on the Sign and Verify operations based on signing algorithms in requests.

String

  • AsymmetricSign

  • AsymmetricVerify

Signing algorithm. Examples: RSA_PSS_SHA_256 and ECDSA_SHA_256.

For more information about supported signing algorithms, see Key management types and key specifications.

  • Custom policies of RAM

  • Key policy

kms:WrappingAlgorithm

Condition key

Description

Condition operation type

API operation

Value range

Policy type

kms:WrappingAlgorithm

Allows you to manage permissions on the GetParametersForImport operation based on the value of the WrappingAlgorithm parameter in requests.

String

GetParametersForImport

Wrapping algorithm.

For more information about wrapping algorithms supported by KMS, see Import symmetric key material and Import asymmetric key material.

  • Custom policies of RAM

  • Key policy

kms:WrappingKeySpec

Condition key

Description

Condition operation type

API operation

Value range

Policy type

kms:WrappingKeySpec

Allows you to manage permissions on the GetParametersForImport operation based on the value of the WrappingKeySpec parameter in requests.

String

GetParametersForImport

Type of a wrapping public key.

For more information about wrapping public key types supported by KMS, see Import symmetric key material and Import asymmetric key material.

  • Custom policies of RAM

  • Key policy

KMS product condition keys (secret-related)

kms:tag

Condition key

Description

Condition operation type

API operation

Value range

Policy type

kms:tag

Allows you to manage permissions on API operations based on secret tags.

String

  • DescribeSecret

  • GetSecretValue

  • PutSecretValue

  • UpdateSecret

  • UpdateSecretVersionStage

  • RestoreSecret

  • ListSecretVersionIds

  • RotateSecret

  • UpdateSecretRotationPolicy

  • DeleteSecret

Custom secret tag.

  • Custom policies of RAM

  • Secret policy

  • Key policy

kms:SecretName

Condition key

Description

Condition operation type

API operation

Value range

Policy type

kms:SecretName

Allows you to manage permissions on API operations based on the value of the Secretname parameter in requests.

String

All secret-related operations. For a specific list, see API overview.

Custom secret name.

  • Custom policies of RAM

  • Secret policy

kms:EncryptionKeyId

Condition key

Description

Condition operation type

API operation

Value range

Policy type

kms:EncryptionKeyId

Allows you to manage permissions on API operations based on the IDs of encryption keys in secret access requests.

String

  • CreateSecret

  • GetSecretValue

  • PutSecretValue

Key ID.

  • Custom policies of RAM

  • Secret policy

kms:SecretVersionId

Condition key

Description

Condition operation type

API operation

Value range

Policy type

kms:SecretVersionId

Allows you to manage permissions on API operations based on the unique secret version IDs in requests.

String

  • GetSecretValue

  • PutSecretValue

The version number of the secret.

  • Custom policies of RAM

  • Secret policy

kms:SecretVersionStage

Condition key

Description

Condition operation type

API operation

Value range

Policy type

kms:SecretVersionStage

Allows you to manage permissions on API operations based on the secret version status in requests.

String

  • GetSecretValue

  • UpdateSecretVersionStage

  • ACSCurrent

  • ACSPrevious

  • Custom secret version status

  • Custom policies of RAM

  • Secret policy

kms:SecretType

Condition key

Description

Condition operation type

API operation

Value range

Policy type

kms:SecretType

Allows you to manage permissions on API operations based on the secret types in requests.

String

All secret-related operations. For a specific list, see API overview.

  • Generic: generic secret.

  • Rds: ApsaraDB RDS secret.

  • RAMCredentials: RAM secret.

  • ECS: ECS secret.

  • Redis: ApsaraDB for Redis secret.

  • Custom policies of RAM

  • Secret policy

kms:ForceDeleteWithoutRecovery

Condition key

Description

Condition operation type

API operation

Value range

Policy type

kms:ForceDeleteWithoutRecovery

Specifies whether to forcefully delete the secret. If this parameter is set to true, the secret cannot be recovered.

Boolean value

DeleteSecret

  • true

  • false

  • Custom policies of RAM

  • Secret policy

kms:RecoveryWindowInDays

Condition key

Description

Condition operation type

API operation

Value range

Policy type

kms:RecoveryWindowInDays

Specifies the recovery period of the secret if you do not forcibly delete it. Unit: days.

Numeric value

DeleteSecret

Number of days.

  • Custom policies of RAM

  • Secret policy

For instance, the following policy denies all users and roles the kms:DeleteSecret operation if the recovery window is set to 10 days or less.

{
  "Statement": [
    {
      "Effect": "Deny",
      "Action": "kms:DeleteSecret",
      "Principal": "*",
      "Resource": "*",
      "Condition": {
        "NumericLessThanEquals": {
          "kms:RecoveryWindowInDays": "10"
        }
      }
    }
  ]
}

KMS product condition keys (others)

kms:TlsVersion

Condition key

Description

Condition operation type

API operation

Value range

Policy type

kms:TlsVersion

Allows you to manage permissions on API operations based on TLS versions in requests.

String

All authentication-related operations.

Note

APIs that do not involve authentication: For example, DescribeRegions.

1.2

  • Custom policies of RAM

  • Key policy

  • Secret policy

For instance, the following policy denies any operation on the specified key if the TLS version in the request is below 1.2.

{
    "Version": "1",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": "kms:*",
            "Resource": "acs:kms:*:*:key/key-hzz653f1f8fybn5qa****",
            "Condition": {
                "NumericLessThan": {
                    "kms:TlsVersion": [
                        "1.2"
                    ]
                }
            }
        }
    ]
}

Appendix 1: Description of condition operation types

Conditional operators can be classified into the following categories: string, number, date and time, Boolean, and IP address.

Category

Conditional operator

String

  • StringEquals

  • StringNotEquals

  • StringEqualsIgnoreCase

  • StringNotEqualsIgnoreCase

  • StringLike

  • StringNotLike

Number

  • NumericEquals

  • NumericNotEquals

  • NumericLessThan

  • NumericLessThanEquals

  • NumericGreaterThan

  • NumericGreaterThanEquals

Date and time

  • DateEquals

  • DateNotEquals

  • DateLessThan

  • DateLessThanEquals

  • DateGreaterThan

  • DateGreaterThanEquals

Boolean

Bool

IP address

  • IpAddress

  • NotIpAddress