Soracom Product Updates logo

Product Updates

Soracom is IoT connectivity with powerful APIs that enable you to build world class applications

Subscribe to Updates
  • 日本語

Labels

  • All Posts
  • Feature
  • Improvements
  • Devices
  • Announcement
  • Beta
  • Deprecation
  • End of Support

Jump to Month

  • May 2025
  • April 2025
  • March 2025
  • February 2025
  • January 2025
  • December 2024
  • November 2024
  • October 2024
  • September 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • November 2023
  • October 2023
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
FeatureImprovements
2 months ago

IPv6 addresses now supported in SAM User Permissions and Switch User Trust Policies

Soracom Access Management (SAM) permissions can be configured to allow or deny access based on IP addresses, both in SAM User permission statements and Switch User trust policy statements. IP addresses are specified using the sourceIp variable and the ipAddress function.

With this update, the sourceIp variable and the ipAddress function now support IPv6 addresses. This means that, in addition to IPv4 addresses, you can now also manage access using IPv6 addresses when configuring SAM User permissions and Switch User trust policies.

Important Considerations When Denying Access by IPv4 Address

Please note that if you have configured a rule to deny access based on an IPv4 address such as in the permission statement example below, the deny rule will only be enforced for IPv4 addresses and a user will be able to bypass the rule by accessing using an IPv6 address.

{
  "statements": [
    {
      "effect": "allow",
      "api": [
        "Sim:*",
        "Group:*"
      ]
    },
    {
      "effect": "deny",
      "api": [
        "Sim:*",
        "Group:*"
      ],
      "condition": "ipAddress('xxx.xxx.xxx.xxx/24')"
    }
  ]
}

In general, we do not recommend denying access based on IPv4 or IPv6 addresses, since a user can easily change their IP addresses and bypass restrictions.

Instead, we recommend configuring access to explicitly allow specific IP addresses or IP address ranges that you own or control, as shown in the following example:

{
  "statements": [
    {
      "effect": "allow",
      "api": [
        "Sim:*",
        "Group:*"
      ],
      "condition": "ipAddress('yyy.yyy.yyy.yyy/24')"
    }
  ]
}

If you have any questions, please feel free to contact Soracom Support.