Context-based restrictions (CBRs) give account owners and administrators the ability to define and enforce access restrictions for IBM Cloud resources based on the context of the access request (e.g., network attributes). In an IBM Cloud account, both Identity and Access Management (IAM) policies and CBRs enforce access, so context-based restrictions can offer protection even in the face of compromised or mismanaged credentials or privileges.

To get you started with CBRs, we just published a new tutorial, “Enhance cloud security by applying context-based restrictions.” It helps you learn about CBRs to protect your cloud resources. The tutorial leverages our existing tutorial “Apply end-to-end security to a cloud application” and its sample code, and it also adds an extra layer of security. The diagram below shows the solution architecture of the existing security tutorial. The additional boxes with dashed, blue lines around some components denote CBRs implemented as context rules.

In this blog post, I’ll briefly introduce context-based restrictions. Then I’ll show you how to learn more and be able to implement, test and monitor CBRs with the help of our new tutorial: