IBM Cloud has introduced a new security feature called time-based restrictions, which allows users to set specific time and date ranges for accessing resources. This feature provides an additional layer of security by limiting access to certain periods, either for a one-time event or as recurring windows, such as maintenance windows.
The time-based restrictions can be added when creating a new access policy through IBM Cloud’s Identity and Access Management (IAM). These restrictions can be set up through the browser UI, CLI, or API/SDK, depending on the user’s preference. By implementing time-based restrictions, users can automate resource deployment and access privileges while ensuring that access is only granted during specified timeframes.
Use Case: Workshops and Hackathons
For short-lived projects like workshops and hackathons, time-based restrictions are particularly useful. Users can deploy resources and IAM privileges using tools like Terraform and set the access policies to be active only during the duration of the event. This eliminates the need to manually destroy resources and revoke access after the event, as the restrictions automatically cut off access once the specified time frame expires.
Here is an example of how time-based restrictions can be implemented using Terraform:
    rule_conditions {
      key      = "{{environment.attributes.current_date_time}}"
      operator = "dateTimeGreaterThanOrEquals"
      value    = ["2023-07-19T09:00:00+01:00"]
    }
    rule_conditions {
      key      = "{{environment.attributes.current_date_time}}"
      operator = "dateTimeLessThanOrEquals"
      value    = ["2023-07-26T09:00:00+01:00"]
    }
    rule_operator = "and"
    pattern       = "time-based-conditions:once"
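The following Python check is an added example, not part of the original article or IBM's code. It models the two conditions above locally so a window can be validated (explicit offset, start before end) and tried against sample instants before the policy is applied. The dict layout, function names and the inclusive-bound model are assumptions of this example.

```python
from datetime import datetime

# The two conditions from the Terraform fragment above, as plain dicts
# (this layout is an assumption of the example, not an IBM format).
CONDITIONS = [
    {"operator": "dateTimeGreaterThanOrEquals", "value": ["2023-07-19T09:00:00+01:00"]},
    {"operator": "dateTimeLessThanOrEquals", "value": ["2023-07-26T09:00:00+01:00"]},
]

# Assumed local model of the operators: both bounds are inclusive.
OPS = {
    "dateTimeGreaterThanOrEquals": lambda now, bound: now >= bound,
    "dateTimeLessThanOrEquals": lambda now, bound: now <= bound,
}

def parse_bound(text):
    """Parse an ISO 8601 timestamp and insist on an explicit UTC offset."""
    ts = datetime.fromisoformat(text)
    if ts.tzinfo is None:
        raise ValueError(f"timestamp has no UTC offset: {text}")
    return ts

def window_errors(conditions):
    """List problems that would leave the window open-ended, empty or ambiguous."""
    errors, bounds = [], {}
    for cond in conditions:
        if cond["operator"] not in OPS:
            errors.append(f"unsupported operator: {cond['operator']}")
            continue
        try:
            bounds[cond["operator"]] = parse_bound(cond["value"][0])
        except ValueError as exc:
            errors.append(str(exc))
    start = bounds.get("dateTimeGreaterThanOrEquals")
    end = bounds.get("dateTimeLessThanOrEquals")
    if start is None or end is None:
        errors.append("window needs both a valid start and a valid end")
    elif start >= end:
        errors.append("start is not before end")
    return errors

def in_window(conditions, now):
    """True when every condition holds at `now` (rule_operator = "and")."""
    return all(OPS[c["operator"]](now, parse_bound(c["value"][0])) for c in conditions)
```

Pass `in_window` a timezone-aware `datetime`; the sample window opens at 08:00 UTC on 19 July 2023 because its bounds carry a `+01:00` offset.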
By leveraging time-based restrictions, users can have greater flexibility in managing administrative tasks and reduce the attack surface by limiting access to specific timeframes. This feature is a valuable addition to IBM Cloud’s existing security capabilities.
Summary
IBM Cloud’s new time-based restrictions feature allows users to set specific time and date ranges for accessing resources. By implementing these restrictions, users can automate resource deployment and privilege assignment while ensuring that access is only granted during specified timeframes. This feature is particularly useful for short-lived projects like workshops and hackathons. By applying time-based restrictions, users can enhance cloud security and reduce the attack surface.
FAQ
How do time-based restrictions work?
Time-based restrictions allow users to set specific time and date ranges for accessing resources. These restrictions can be specified for one-time events or recurring maintenance windows. By implementing these restrictions, access to resources is automatically cut off once the specified time frame expires.
Can time-based restrictions be set up through the browser UI?
Yes, time-based restrictions can be set up through IBM Cloud’s Identity and Access Management (IAM) browser UI. Alternatively, users can also utilize the CLI or API/SDK to configure these restrictions.
What are some use cases for time-based restrictions?
One use case for time-based restrictions is in short-lived projects like workshops and hackathons. By setting up these restrictions, users can automate resource deployment and privilege assignment, ensuring that access is only granted during the duration of the event.
How do time-based restrictions enhance cloud security?
By limiting access to specific timeframes, time-based restrictions reduce the attack surface and provide an additional layer of security. This feature ensures that resources are only accessible during the specified time and date ranges, minimizing the risk of unauthorized access.