Azure / reliable-web-app-pattern-java

The reliable web app pattern is a set of objectives to help your web application converge on the cloud. This repo contains a reference implementation of a reliable web application for Java.
https://aka.ms/eap/rwa/java/doc
MIT License

Use CIDR/16 for firewall #149

Closed KSchlobohm closed 1 year ago

KSchlobohm commented 1 year ago

Background

Some test scenarios show that testing from an office space can yield multiple outbound IP addresses that rotate as a user is testing the content. We use firewall rules to restrict access to Key Vault and Azure Storage, so it's possible that readers experience multiple symptoms from this issue:

  1. The Terraform process can lose access to managing the resource, and deletion must be performed through the portal. A DevOps build captured this error here example
  2. The reader is not able to upload resources to the Azure storage account, which causes errors during the azd provision post provision event.
  3. The reader is unable to save Key Vault secrets because the firewall rule provides access to the wrong IP address.

Change requested

Update the "http" data block to use a new API endpoint and then adjust the CIDR notation to a more openly accessible address space to increase the odds that multiple IP addresses can be successful when performing the operations listed above.

Reasoning

  1. We saw that the current endpoint had an invalid certificate associated when we were testing.
  2. We persistently saw that other endpoints had different results than the current endpoint, and we want to avoid using a CDN provider as there could be network changes applied for "route-to-nearest" features.

KSchlobohm commented 1 year ago

Closed by #145
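
The change requested in this issue, sketched as an added example (not code from this repository): it validates the text an IP-echo endpoint returns before widening it to a /16, then checks which rotating egress addresses the resulting rule admits. The function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Ranges that can never be a workstation's public egress address.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",  # CGNAT, loopback, link-local
)]


def firewall_cidr(echo_body, prefix=16):
    """Validate an IP-echo response and widen it to a /prefix firewall range."""
    text = echo_body.strip()
    try:
        ip = ipaddress.IPv4Address(text)
    except ipaddress.AddressValueError as exc:
        # An error page or an IPv6 answer must not end up in a firewall rule.
        raise ValueError(f"not an IPv4 address: {text[:40]!r}") from exc
    if any(ip in net for net in NON_PUBLIC):
        raise ValueError(f"{ip} is not a public egress address")
    # strict=False clears the host bits: 203.0.113.7/16 -> 203.0.0.0/16
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def coverage(rule, observed):
    """Map each observed egress IP to whether the rule would admit it."""
    return {ip: ipaddress.ip_address(ip) in rule for ip in observed}


if __name__ == "__main__":
    # Constructed sample data (RFC 5737 documentation addresses).
    rotating = ["203.0.113.7", "203.0.113.200", "198.51.100.9"]
    for prefix in (32, 16):
        rule = firewall_cidr("203.0.113.7\n", prefix)
        print(rule, "admits", rule.num_addresses, "addresses",
              coverage(rule, rotating))
```

The /16 rule admits 65,536 source addresses instead of one, and an egress address from a different block is still rejected, so the wider range raises the odds of success without guaranteeing it.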