Grafana Cloud
Security and account management
Authentication and authorization
Grafana Cloud Access Policies
IP range based access controlUse IP range based access control with access policies
IP range based access control creates access policies that allow access to Grafana Cloud services, like metrics or logs, only from specific IP subnets. Connections initiated from IP addresses that are not part of the configured subnets are denied during token validation.
CIDR notation is used to specify the IP subnets. Both IPv4 and IPv6 subnets are supported.
Note that CIDR notation does not allow for specifying individual IP addresses without a subnet mask. Therefore, to specify a single IP address, use the /32 subnet mask for IPv4 and /128 for IPv6.
IP range based access control can be configured using the Grafana Cloud Access Policies API or Grafana Cloud Access Policies page within a stack or on the Cloud Portal.
Set up IP range based access control
There’s supposed to be a video here, but for some reason there isn’t. Either we entered the id wrong (oops!), or Vimeo is down. If it’s the latter, we’d expect they’ll be back up and running soon. In the meantime, check out our blog!
Caveats
- IP range-based access control is incompatible with the access policies applied to Grafana data sources.
- IP range based access control is supported by the endpoints matching any of the following patterns:
*-ap-northeast-0.grafana.net
*-ap-south-(0|1).grafana.net
*-ap-southeast-(0|1).grafana.net
*-au-southeast-(0|1).grafana.net
*-ca-east-0.grafana.net
*-eu-north-0.grafana.net
*-eu-west-(0|1|2).grafana.net
*-gb-south-0.grafana.net
*-sa-east-(0|1).grafana.net
*-us-central-0.grafana.net
*-us-central1.grafana.net
*-us-east-(0|1).grafana.net
*-us-east4.grafana.net
*-us-west-0.grafana.net
logs-prod-(004|005|008|011|014|015|016|017|019|022|027).grafana.net
logs-prod3.grafana.net
profiles-prod-(003|009|010|011|012|013|014).grafana.net
