How to control access to your Observability instance

Observability is a service that is available on the Internet, so by default it is accessible to everyone.
If you want to restrict access to an Observability instance to a specific address range, you can store an access control list (ACL) in the Observability API for this purpose.

Afterwards, an IP filter prevents access from other Internet addresses to your Observability instance.
Access is regulated for the ports of your:

  • Grafana
  • Metrics
  • Logs
  • Traces

This ACL only filters the access for this one instance. If you work with multiple instances, you must create the ACL for all other instances too.

To access the API gateway, you need a service account, which can be created via the portal.

Configuration of your Access control list (ACL)

Address ranges are specified in Classless Inter-Domain Routing (CIDR) format.
The default CIDR is always 0.0.0.0/0 at the beginning. This gives every address full access.

Output of the current ACL configuration:

curl --location --request GET \
  'https://argus.api.stackit.cloud/v1/projects/{projectid}/instances/{instanceid}/acl' \
  --header 'accept: application/json' \
  --header 'Authorization: Bearer {service_account_token}'
{"message":"Successfully got acl","acl":[]}

The ACL must always be rewritten, even if only one value has changed:

curl --location --request PUT \
  'https://argus.api.stackit.cloud/v1/projects/{projectid}/instances/{instanceid}/acl' \
  --header 'accept: application/json' \
  --header 'Authorization: Bearer {service_account_token}' \
  --header 'Content-Type: application/json' \
  --data '{
  "acl": [
    "192.168.1.0/24",
    "193.248.122.0/24",
    "193.218.22.0/28"
  ]
}'
{"message":"Successfully updated acl"}

The ACL can be deleted with the following command:

curl --location --request PUT \
  'https://argus.api.stackit.cloud/v1/projects/{projectid}/instances/{instanceid}/acl' \
  --header 'accept: application/json' \
  --header 'Authorization: Bearer {service_account_token}' \
  --header 'Content-Type: application/json' \
  --data '{
  "acl": []
}'
{"message":"Successfully updated acl"}
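
Because every PUT replaces the whole list and an empty list deletes the filter, it helps to build the request body from the current ACL and validate it before sending. The following is an added example, not part of the STACKIT documentation or API client; the function name `build_acl_payload`, its parameters, the IPv4-only check and the sample range 203.0.113.0/24 are assumptions made for illustration.

```python
import ipaddress
import json


def build_acl_payload(current, add=(), remove=(), allow_open=False):
    """Return the complete JSON body for the PUT .../acl request.

    current: the "acl" list from the GET response
    add / remove: CIDR strings to add to or drop from that list
    allow_open: must be True to emit an empty list or a /0 entry
    """
    def parse(cidr):
        # strict=True rejects entries with host bits set (e.g. 192.168.1.7/24),
        # which is usually a typo for a single host or a different prefix.
        return ipaddress.IPv4Network(cidr.strip(), strict=True)

    wanted = {parse(c) for c in current} | {parse(c) for c in add}
    wanted -= {parse(c) for c in remove}

    if not allow_open:
        if not wanted:
            raise ValueError("empty ACL deletes the filter; set allow_open=True")
        if any(net.prefixlen == 0 for net in wanted):
            raise ValueError("0.0.0.0/0 allows every address; set allow_open=True")

    # Sorted output keeps the body stable for review and diffing.
    return json.dumps({"acl": [str(n) for n in sorted(wanted)]}, indent=2)


if __name__ == "__main__":
    # "acl" value as returned by the GET call; here the list from the PUT
    # example above. 203.0.113.0/24 is a constructed documentation range.
    current = ["192.168.1.0/24", "193.248.122.0/24", "193.218.22.0/28"]
    print(build_acl_payload(current, add=["203.0.113.0/24"],
                            remove=["193.218.22.0/28"]))
```

The printed body is what goes into the `--data` argument of the PUT request shown above.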