AEP - Advice about IP range whitelisting for Event Forwarding instances
This article offers recommendations regarding the IP addresses of the Edge server when making an API call via Adobe Experience Platform's Event Forwarding. It further advises against allow-listing or blocking egress IP addresses, and answers additional questions about customer asset isolation and securing endpoint connections in multi-tenant systems.
Description
Environments
- Adobe Experience Platform (AEP)
- Real-time Customer Data Platform (RT-CDP)
Issue
Trying to make an API call via AEP Event Forwarding (using event forwarding to send the data to our API).
Are there IPs of the Edge server from which Event Forwarding would make the HTTP API calls?
Resolution
The Product Team advises that we do not control the egress IP addresses and highly recommends not allow-listing or blocking them in any way. Because these addresses are cloud-vendor based, they rotate and are also used by companies other than Adobe, so allow-listing a range could accidentally allow-list a bad actor.
This is not abnormal for cloud-based multi-tenant systems.
Here are two more questions that you may also have in mind:
- If Event Forwarding is a multi-tenant system, how are customer assets isolated?
We logically segment all customer environments. So within Adobe usage, there are no shared implementations between customer runtime environments. However, the configuration database that generates the runtime files is shared between customers at this time. This has always been the case for Tags and Event Forwarding.
- How are endpoint connections best secured between the Adobe edge runtime environments and the customer designated endpoints?
The Secrets service is designed to secure the connections from a credential standpoint and all of the outbound fetch requests are served over secure transport connections.
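The following is an added example, not Adobe's code or part of the original article: acceptance logic for a receiving endpoint, comparing a source-IP allow-list with a credential check over secure transport. The bearer-token header, the token value, and the IP ranges are constructed assumptions; the article only states that the Secrets service handles credentials and that outbound requests use secure transport.

```python
import hmac
import ipaddress

# All values below are constructed for illustration.
ALLOWED_RANGE = ipaddress.ip_network("203.0.113.0/24")  # stands in for a shared cloud egress range
EXPECTED_TOKEN = "constructed-token-stored-as-a-secret"

def accept_by_ip(source_ip):
    """Allow-list check: trusts every sender inside the range."""
    return ipaddress.ip_address(source_ip) in ALLOWED_RANGE

def accept_by_credential(scheme, headers):
    """Credential check: requires secure transport and the shared token; ignores source IP."""
    if scheme != "https":
        return False
    normalized = {k.lower(): v for k, v in headers.items()}
    auth = normalized.get("authorization", "")
    if not auth.startswith("Bearer "):
        return False
    presented = auth[len("Bearer "):]
    # Constant-time comparison avoids leaking the token through timing.
    return hmac.compare_digest(presented.encode(), EXPECTED_TOKEN.encode())

GOOD = {"Authorization": "Bearer " + EXPECTED_TOKEN}
SAMPLE_REQUESTS = [
    # (label, source IP, scheme, headers)
    ("forwarded event, current egress IP", "203.0.113.10", "https", GOOD),
    ("forwarded event, after IP rotation", "198.51.100.25", "https", GOOD),
    ("other tenant on the same range", "203.0.113.77", "https", {}),
    ("wrong token from the same range", "203.0.113.78", "https", {"authorization": "Bearer guess"}),
    ("right token over plain HTTP", "203.0.113.10", "http", GOOD),
]

def evaluate(requests):
    """Return (label, ip_decision, credential_decision) for each request."""
    return [(label, accept_by_ip(ip), accept_by_credential(scheme, headers))
            for label, ip, scheme, headers in requests]

if __name__ == "__main__":
    for label, by_ip, by_cred in evaluate(SAMPLE_REQUESTS):
        print(f"{label:38} ip_allow_list={by_ip!s:5} credential={by_cred}")
```

The allow-list rejects the legitimate request once the egress address rotates and accepts unauthenticated senders that share the range, while the credential check is unaffected by either.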
Related Reading
Refer to this document for information relating to Data Encryption as well as mTLS (Mutual Transport Layer Security) protocol support.