AEM as a cloud service is by default accessible via the internet. While security is handled through user authentication and authorization, IP allow-listing is a way to limit access only to trusted IP addresses.
Cloud Manager’s IP allowlists can be used to limit and control access only to such trusted IP addresses. Cloud Manager users with appropriate permissions can create allowlists of trusted IP addresses from which their site’s users can access their AEM domains.
After adding, IP allowlists can be applied/unapplied multiple times as a unit or entity to an author and/or publisher service in an environment.
If no IP allowlist is applied, by default all IP addresses are allowed. When an IP allowlist is applied, no IP addresses are allowed except for addresses on the IP allowlist.
There are several limitations to IP allowlists to keep in mind.