What is the best practice for IP whitelisting

Hi All,

I have a Private Cloud install on AWS and I would like to know whether the whitelisting should be done at the AWS security group level or at the code level using the Access Control Policy.

Also the back end services would be whitelisted to receive requests from APIGEE sandbox only.

Can you please suggest the best practice for IP whitelisting?

Regards,

Ravi.


akoo

For northbound (which is the only option where the Access Control Policy makes sense):

If you whitelist in the AWS layer, you avoid further processing in Edge. This would be optimal in many cases.

But... there is some additional flexibility if you stop traffic in Edge instead. The SourceAddress field in Edge is not run-time configurable at this time, so any updates to IP addresses will require redeployment. But you could create a JS callout that is run-time configurable to whitelist traffic; it will require you to recreate the Access Control Policy in JS.

AWS security group level or other means may provide you flexibility outside of this, so the answer is: it depends on your requirements.
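The reply's suggestion of a run-time configurable JS callout leaves the actual matching logic unstated. The block below is an added example, not code from the thread or from Apigee, showing the piece such a callout needs: an IPv4 CIDR allow-list parser and a fail-closed membership check. The flow variable names `allowlist.cidrs` (assumed to be populated from a KVM by an earlier policy) and `allowlist.allowed` are assumptions, as is the choice of `proxy.client.ip` as the address to compare; the sample allow-list string is constructed. The Apigee wiring at the end only runs when the Edge `context` object exists, so the file also runs unchanged under Node for testing.

```javascript
// Added example (not from the original thread): IPv4 allow-list matching of the
// kind a run-time configurable Edge JavaScript callout would need.

// Parse a dotted-quad IPv4 string into an unsigned 32-bit integer, or null if malformed.
function ipv4ToInt(ip) {
  if (typeof ip !== 'string') return null;
  var parts = ip.trim().split('.');
  if (parts.length !== 4) return null;
  var n = 0;
  for (var i = 0; i < 4; i++) {
    if (!/^\d{1,3}$/.test(parts[i])) return null;
    var octet = parseInt(parts[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n >>> 0;
}

// Parse "a.b.c.d/len" (a bare address is treated as /32) into {net, mask}, or null.
function parseCidr(cidr) {
  var pieces = String(cidr).trim().split('/');
  if (pieces.length > 2) return null;
  var base = ipv4ToInt(pieces[0]);
  if (base === null) return null;
  var lenStr = pieces.length === 2 ? pieces[1] : '32';
  if (!/^\d{1,2}$/.test(lenStr)) return null;
  var len = parseInt(lenStr, 10);
  if (len > 32) return null;
  // JS shifts are mod 32, so /0 must be special-cased rather than shifted by 32.
  var mask = len === 0 ? 0 : (0xFFFFFFFF << (32 - len)) >>> 0;
  return { net: (base & mask) >>> 0, mask: mask };
}

// Build the rule set once from a comma-separated config string (the shape a KVM
// value might have). Malformed entries are reported back rather than silently dropped.
function buildAllowList(configValue) {
  var entries = String(configValue || '').split(',');
  var rules = [], invalid = [];
  for (var i = 0; i < entries.length; i++) {
    var e = entries[i].trim();
    if (e === '') continue;
    var r = parseCidr(e);
    if (r === null) invalid.push(e); else rules.push(r);
  }
  return { rules: rules, invalid: invalid };
}

// Fail closed: an unparsable client address or an empty rule set is a deny.
function isAllowed(clientIp, allowList) {
  var ip = ipv4ToInt(clientIp);
  if (ip === null || allowList.rules.length === 0) return false;
  for (var i = 0; i < allowList.rules.length; i++) {
    var r = allowList.rules[i];
    if (((ip & r.mask) >>> 0) === r.net) return true;
  }
  return false;
}

// Constructed sample configuration, standing in for a value fetched at run time.
var SAMPLE_ALLOW = '203.0.113.0/24, 198.51.100.7, 10.0.0.0/8, not-an-ip';

// Apigee wiring: runs only inside an Edge JavaScript policy, where `context` exists.
// Assumptions: `allowlist.cidrs` was set from a KVM by an earlier policy step, and
// `proxy.client.ip` holds the address to check. A RaiseFault policy conditioned on
// allowlist.allowed == "false" would then return the 403.
if (typeof context !== 'undefined') {
  var list = buildAllowList(context.getVariable('allowlist.cidrs'));
  var ok = isAllowed(context.getVariable('proxy.client.ip'), list);
  context.setVariable('allowlist.allowed', ok ? 'true' : 'false');
  context.setVariable('allowlist.invalid_entries', list.invalid.join(','));
}
```

Two points matter when reusing this. First, the address compared must be one the platform derived from the connection or from a proxy you control; a client-supplied X-Forwarded-For header cannot be trusted on its own, so decide deliberately which variable feeds the check. Second, surfacing `invalid_entries` lets a bad KVM edit be noticed in logs instead of silently shrinking the allow-list, which is the failure mode a run-time configurable list introduces that a redeployed SourceAddress does not.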