Introducing IBM Cloud Object Storage Firewall: Further Secure Your Data

IBM Cloud Object Storage Firewall

IBM Cloud Object Storage (COS) is giving you more control over who can access your data. We have introduced a new capability allowing you to configure your buckets with trusted IP address(es), and your users will only be able to access the data in COS if the request originates from this list of trusted IP addresses.

This feature adds security because it protects your data if credentials are leaked: a malicious user cannot access the data from a non-configured IP (e.g., a home office). If your goal is public isolation and disabling public endpoints, you can also achieve that by configuring the trusted IP addresses. Users still need the proper IBM Cloud Identity and Access Management (IAM) permissions in order to access the data.

Steps to configure firewall on your bucket

You can configure a list of authorized IPs on your bucket using either the IBM Cloud console or the COS resource configuration API. Before you begin, ensure you have Manager service role access to the bucket you are about to configure.

  1. From the IBM Cloud console, select Resource List from the navigation menu in the left corner and then select Storage in your resource list.
  2. Select the COS service instance where your buckets are. This takes you to the Cloud Object Storage console.
  3. Pick the bucket to which you want to restrict access to authorized IP addresses.
  4. Choose Access policies from the navigation menu.
  5. Select the Authorized IPs tab.
  6. Click Add IP addresses, then choose Add.
  7. Add a list of IP addresses in CIDR notation. For example, fe80:021b::0/64. Addresses can follow either IPv4 or IPv6 standards. Click Add.
  8. Save the list.

Once configured, your users will be allowed to access all the data in this bucket from these configured IP addresses. If your users want to upload new objects in this bucket, they will be allowed to do so from these configured IP addresses only.

Note: As a Manager on the bucket, you will be able to view and edit the list of authorized IP addresses from any IP address to prevent accidental lockouts.

Great! You have successfully restricted access to your data based on the user’s IP address. Any requests on this bucket outside of the configured IPs will be denied access.
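
The following added example is not part of the original post or IBM's tooling: it pre-checks a list of authorized IPs before it is entered in step 7 and reports which known client addresses the list would deny. The prefix thresholds, function names, and sample addresses are assumptions chosen for illustration.

```python
import ipaddress

# Assumed review thresholds (not IBM limits): shorter prefixes are flagged as too broad.
MIN_PREFIX = {4: 16, 6: 32}

def review_allowlist(entries):
    """Parse CIDR strings; return (accepted networks, list of (entry, finding))."""
    accepted, findings = [], []
    for raw in entries:
        text = raw.strip()
        try:
            net = ipaddress.ip_network(text, strict=False)
            given = ipaddress.ip_interface(text).ip
        except ValueError as exc:
            findings.append((raw, f"invalid: {exc}"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            findings.append((raw, f"too broad: /{net.prefixlen} is below the review threshold"))
            continue
        if given != net.network_address:
            # Entry named a host inside the range; report the range it really covers.
            findings.append((raw, f"host bits set; normalised to {net}"))
        accepted.append(net)
    return accepted, findings

def is_allowed(source_ip, networks):
    """True if source_ip falls inside any accepted network of the same IP version."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr.version == n.version and addr in n for n in networks)

def denied_clients(clients, networks):
    """Known client addresses that the list would lock out."""
    return [c for c in clients if not is_allowed(c, networks)]

# Constructed sample input (documentation ranges plus the article's IPv6 example).
SAMPLE_ENTRIES = ["203.0.113.0/24", "198.51.100.77/28", "0.0.0.0/0",
                  "fe80:021b::0/64", "10.1.2.300/24"]
SAMPLE_CLIENTS = ["203.0.113.10", "198.51.100.70", "198.51.100.90",
                  "fe80:21b::5", "2001:db8::1"]

if __name__ == "__main__":
    nets, notes = review_allowlist(SAMPLE_ENTRIES)
    for entry, note in notes:
        print(f"{entry!r}: {note}")
    print("accepted:", [str(n) for n in nets])
    print("would be denied:", denied_clients(SAMPLE_CLIENTS, nets))
```

Running the check against the addresses your applications and users actually connect from shows any lockouts before the list is saved.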
