Skip to content
Products
Platform
Developer Tools
Portal

How to control access to your instance

Last updated on

Observability is a service that is available on the Internet. Thus, it is accessible to everyone by default.
If you want to restrict access to an instance of Observability for specific address ranges, you can store an access control list (ACL).

Once configured, an IP filter prevents access from other Internet addresses to your Observability instance. Access is regulated for the ports of your:

  • Grafana
  • Metrics
  • Logs
  • Traces

This ACL only filters the access for this specific instance. If you work with multiple instances, you must configure the ACL for each instance individually.

Find your current IP address

Section titled “Find your current IP address”

If you want to allow access for your local machine, you can find your current public IPv4 address using the Cloudflare Trace Tool.

Copy the value shown after ip=, append /32 (which represents a single IP address), and add it to your ACL configuration.

Configure ACL via the Portal

Section titled “Configure ACL via the Portal”

You can manage your ACL directly in the STACKIT portal:

  1. Open your Observability service.
  2. In the Overview tab, navigate to the Access control (ACL IP Ranges) section.
  3. Click Edit.
  4. Click Add IP Range.
  5. Enter your IPv4 address or CIDR network range (for example 203.0.113.15/32).
  6. Click Save.

Configure ACL via the API

Section titled “Configure ACL via the API”

For a complete list of all available endpoints, parameters, and schemas, refer to the STACKIT Observability ACL API Specification.

CIDR format

Section titled “CIDR format”

Address ranges are specified in Classless Inter-Domain Routing (CIDR) format. By default, the CIDR is 0.0.0.0/0, which allows full access from anywhere.

Get current ACL

Section titled “Get current ACL”

You can output the current ACL configuration of your instance:

Command:

Terminal window
stackit curl -X GET "https://argus.api.eu01.stackit.cloud/v1/projects/$PROJECT_ID/instances/$INSTANCE_ID/acl" \
  -H "accept: application/json"

Response:

{
  "message": "Successfully got acl",
  "acl": []
}

Create and change a new ACL

Section titled “Create and change a new ACL”

The ACL must always be completely rewritten (replaced), even if you only want to change or add a single value:

Command:

Terminal window
stackit curl -X PUT "https://argus.api.eu01.stackit.cloud/v1/projects/$PROJECT_ID/instances/$INSTANCE_ID/acl" \
  -H "accept: application/json" \
  -H "Content-Type: application/json" \
  --data '{
  "acl": [
    "192.168.1.0/24",
    "193.248.122.0/24",
    "193.218.22.0/28"
  ]
}'

Response:

{
  "message": "Successfully updated acl"
}

Delete ACL

Section titled “Delete ACL”

To delete the ACL and restore default full access, send a PUT request with an empty array:

Command:

Terminal window
stackit curl -X PUT "https://argus.api.eu01.stackit.cloud/v1/projects/$PROJECT_ID/instances/$INSTANCE_ID/acl" \
  -H "accept: application/json" \
  -H "Content-Type: application/json" \
  --data '{
  "acl": []
}'

Response:

{
  "message": "Successfully updated acl"
}