I want to run a build on netlify, that connects to Mongo Atlas - our atlas is protected by a firewall. could you provide me with a list of IP to whitelist?
I don’t recommend IP whitelisting because the list would have to be refreshed regularly as sometimes new servers appear or others disappear, so whitelisting would be quite unreliable.
However there probably are some IP whois informations to identify Netlify servers on. (Somebody from Netlify would know more about this point)
What is your firewall? Is it your routers one? Is it something like iptables? Or is it your Atlas servers software integrated one?
Good instincts, @niansa! IP whitelisting will not work with our service. Builds, in particular, are on very transient IP’s within the GCE cloud and change constantly.
You could run something like a secret proxy which you allowed our builds to connect to, if you wanted, but that is not really adding much in terms of security, except obscurity, which of course is no real security at all.
The general use pattern for “must contact protected resource from within builds” is to use some form of authentication like password, or maybe SSH key (kinda convoluted to put it in there, but I’ve written up an example here:
It’s managed by Atlas
OK. What does that mean, for those of us who are not their customer?
We restricted access to our mongoDB cluster only to our Infrastructure on AWS @shrikster could shed more light into this process. I only know that Our mongoDB cluster on Atlas is not responding when I’m try to connect via code running on netlify
I expect that the answer I gave earlier, if you relayed it to them, would answer their question (probably not possible in the way you’d like).
@wildcard how did you manage to resolve this issue in the end?
we deployed a replica / mirorr collection of our Db that’s not behind Company firewall (it’s not idle) but netlify doesn’t provide peer connection solution or predictable build nodes so… No other option
Netlify could provide a predictable outgoing connection to external servers (it seems like out of scope for them…)
IMHO enterprise customers will want this solutions.
Thanks for the update. Yes totally agree this functionality will likely be very important for many enterprise clients.
Yup, and we do have an open feature request tracking it Just don’t have any great ideas for implementing in a reliable way, or we would have done so already.
Should that feature request get implemented, I’ll follow up in this thread!