How to only let my Vault be accessed by one IP address?

I am wondering how I can make it so no one can use the API except 1-2 IP addresses. For example, someone may try to do a GET request, but permission denied. My IP address tries to do the GET request, and it works. How can I do something like that?