Why am I blocked from ordering a public certificate or generating IAM credentials?
You try to use IBM Cloud® Secrets Manager to order public certificates or generate IAM credentials, but the service is unable to complete the action.
You're working in an IBM Cloud account that has IP address access restrictions. When you try to use a feature in Secrets Manager that requires a user-provided IBM Cloud API key, for example when you generate IAM credentials, you encounter an error similar to the following examples:
IAM credentials couldn't be regenerated because IP address restrictions are enabled for the account. Update the IP address settings in your account to include IP addresses for Secrets Manager and try again.
Cloud Internet Services (CIS) couldn't be reached because IP address restrictions are enabled for the account. Update the IP address settings in your account to include IP addresses for Secrets Manager and try again.
These errors can occur when Secrets Manager attempts to log in to the target account with the configured API key in order to complete the request. However, the service is unable to do so because the account allows access to specific IP addresses only. To allow the account to accept requests from Secrets Manager, you must specify an allowlist of IP addresses, along with your own IP address.
To resolve the issue, ensure that the IP address restriction settings in the account are updated to allow the IP addresses that correspond with the region in which your Secrets Manager is located.
- In the IBM Cloud console, click Manage > Access (IAM), and select Settings.
- From the Account restrictions section, edit the IP address access setting.
- In the Allowed IP addresses field, include the allowlist of IP addresses that you defined based on the locations where access requests originate. For more information, see Managing access with context-based restrictions.