IP address conditions in AWS IAM policies for enhanced security

Define IP address conditions in AWS IAM policies for enhanced security.

Site24x7 makes programmatic calls to your AWS account using access keys (Secret Access Key and Access Key ID) or RoleARN to gather metrics of supported AWS resources, mentioned in the IAM policy document. For extra security, the user can define conditions under which IAM policies allow access to a particular AWS resource. This can be done when you are creating a new IAM policy or when you are pasting the custom IAM policy (maintained by Site24x7) in the policy editor.

IP address condition operator
Using the conditional operator "IpAddress," you can define conditional elements in the IAM policy assigned to Site24x7. Once setup, the conditional operator will only allow requests originating from the specified IPv4 or IPv6 address. By doing this, you can lock down the AWS IAM policy for your account and ensure only Site24x7's IP addresses can access it. 
The basic format of a conditional element consists of a conditional operator and a key value pair.

Conditional operator: "IpAddress"
Key: "aws:SourceIp"
Value: "Individual IPv4 or IPv6 address or IP address range" 
For unrestricted monitoring of your AWS services, we suggest you whitelist both the IP addresses of our California and Dallas Data centers.

    • Related Articles

    • How to provide ReadOnly access to your AWS resources via the AWS IAM console?

      Grant access to your AWS account Site24x7 makes programmatic API calls to your AWS resources to collect performance metrics and metadata. For this to occur, you (AWS account holder) need to grant access and connect your AWS account with Site24x7. An ...

    • Automating your IP whitelisting

      For an uninterrupted monitoring experience, IP addresses of Site24x7's monitoring locations should be whitelisted in your firewall policy. Read this article to know more.Now, Site24x7 has mapped all the IP addresses of our global monitoring locations ...

    • Policy and permissions required by Site24x7 to access your AWS resources.

      For a comprehensive AWS infrastructure monitoring, Site24x7 needs to auto-discover all instances of various supported services currently running in your account. For this to happen, you need to authenticate and authorize Site24x7 to access your AWS ...

    • Tag-based service discovery for AWS resources

      While you integrate your AWS account with Site24x7, add tags that enable you to control which AWS resource must get discovered and monitor them. Perform Include and Exclude tags operation simultaneously along with an OR/AND logic to filter the AWS ...

    • Set up a password expiry policy

      Zoho Single Sign on lets you set a password policy for a more secure login to your Site24x7 account. Setting a password policy lets you,  define how often the password for your organization users needs to be reset define how complex your password ...