
Setting the global security policy

The global security policy consists of the Deny communication by default setting and the Global allowlist. Both were initially configured when the ANS service was deployed, and Logging is disabled by default. To change these settings, or to manually import or export the global security policy, use the following procedures.

Editing the global security policy

  1. Enter the AOC Network and security page, click Security policy, and find the ANS service for which you want to modify the global policy in the Global security policy tab.

  2. Click the ANS service and click Edit in the details panel; or click the ellipsis (...) on the right side of the ANS service and select Edit.

  3. Reconfigure Deny communication by default, Logging, and Global allowlist, then click Save.

    You can also select multiple policies in the list and click Edit logging status to change their logging status in a batch.

Importing and exporting the global security policy

The ANS service supports importing and exporting the global allowlist, but does not support importing or exporting default communication policy settings.

To add the same global allowlist to different ANS services, you can first export the existing global allowlist from one ANS service, and then import the exported file into another ANS service. Additionally, to avoid accidentally deleting the global allowlist, you can export these allowlists as a backup and import them when you need to restore them.

Exporting the global security policy

  1. Enter the AOC Network and security page, select Security policy, and under the Global security policy tab, find the ANS service from which you need to export the global allowlists.

  2. Click the ellipsis (...) on the right side of the global security policy and select Export. The global allowlists are automatically exported as a .json file.

Importing the global security policy

Importing a global security policy is one way to add a global allowlist. The import does not affect the existing global allowlists in the target ANS service or the policy status of the global allowlist.

Procedure

  1. Enter the AOC Network and security page, select Security policy, click Create security policy in the upper right corner of the page, and select Import global security policy.

  2. In the pop-up Import global security policy dialog box, select the ANS service to which you want to import the global allowlist.

  3. Upload the policy file in .json format.

  4. After the file is uploaded, you can view the details of the global allowlists to be imported in the policy preview. After confirming that everything is correct, click Next.

  5. Confirm the resource changes after import, and click Import when finished.

    Information:

    • If AOC already contains the services in the imported allowlist, the imported allowlist will directly use these services.
    • If the services in the imported allowlist do not exist in AOC, these services will be automatically created and used by the imported allowlist.