Introduction to IP Allow Lists introduction
Learn how IP Allow Lists can limit from which addresses users can access domains in AEM as a Cloud Service.
Overview overview
AEM as a cloud service is by default accessible by way of the Internet. While security is handled through user authentication and authorization, IP allow-listing is a way to limit access only to trusted IP addresses.
Cloud Manager鈥檚 IP Allow Lists can be used to limit and control access only to such trusted IP addresses. Cloud Manager users with appropriate permissions can create and add IP Allow Lists of trusted IP addresses from which their site鈥檚 users can access their AEM domains.
After adding, IP Allow Lists can be applied or unapplied multiple times as a unit or entity to an author service, or a publisher service, or both, in an environment.
Usage notes usage-notes
- A maximum of 50 IP Allow Lists can be added to your program.
- A maximum of 50 IP/CIDR addresses can be added to each IP Allow List.
- IP Allow List names are supported in Cloud Manager for author service, or publish service, or both, in an environment.
Front-End Pipelines and IP Allow Lists front-end-pipeline
If you use鈥攐r intend to use鈥攖he front-end pipeline to develop sites, the following Cloud Manager IP Allow List must be added beforehand.
When you add the IP Allow List, name it Cloud Manager, then copy the list of addresses below and paste them into the IP Allow List dialog box.
52.254.106.192/28
20.186.185.181
52.254.106.240/28
52.254.107.128/28
52.254.105.192/28
52.254.106.176/28
20.186.185.227
52.254.106.144/28
52.254.107.64/28
20.186.185.239
20.22.83.112
52.254.107.80/28
52.254.107.144/28
52.254.106.224/28
20.14.241.153
52.254.107.0/28
52.254.107.32/28
52.254.106.208/28
40.70.154.136/29
52.254.106.160/28
52.254.107.16/28
52.254.106.0/28
4.152.211.251
To avoid disruption of running the front-end pipeline, ensure that this Cloud Manager IP Allow List is added. Then, apply the list to the Author environment before you enable the pipeline.
See Apply IP Allow List and Enable front-end pipeline for more information.
The Universal Editor and IP Allow Lists universal-editor
If you intend to use the Universal Editor to author your content, you must add the IP addresses that the Universal Editor Service uses to an Allow List and apply it.
- Retrieve the IP addresses used by the Universal Editor Service from the following API endpoint: http://universal-editor-service.adobe.io/ip-ranges.
- Create an allow list with those IP addresses, naming it Universal Editor Serviceor similar.
- Apply the Universal Editor Serviceallow list.
The list of IP addresses used by the Universal Editor Service is subject to change and you must update your allow list accordingly.