AWS filtering to Mendix environments

Mendix version is 8.4.1 but I think this does not matter to the question. Currently I’m deploying some REST services on AWS. I would like these resources to only be accessible from our Mendix environments, our office and some other IP-based locations. The configuration in AWS allows me to base these access rules on either of these 3 options:

- CIDR
- IP addresses
- Security Groups

Note: In the above there is no option for domain-based access. In our case I will not be able to filter out our Mendix environments by allowing *.mendix.com or *.ourporject.mendix.com. Since there is no such option I would like to know what my other options are. I don’t think Mendix has a dedicated CIDR range that I can whitelist?

So far I found my only viable option to be regulating the Mendix environments based on their IP addresses. We use production, acceptance and test as servers. However, I don’t know how often these addresses change, and it’s not easy to maintain these.

What are my options and has someone already been in a similar position?
1 answer

The outgoing IP addresses don’t change that often, but are subject to change.

Mendix will notify you of changes 48h in advance, see https://docs.mendix.com/developerportal/deploy/mendix-ip-addresses

Whether limiting the access based on the outgoing IP addresses is a sound idea is up to you, but as the different apps in one of the clouds all use the same address for the outgoing connection (see documentation), this doesn’t seem to be a secure solution to me. I would set up authentication and/or certificates to secure these REST services.

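The answer's point, as an added example that is not part of the original thread: a source-IP allowlist alone admits every app behind the same shared outgoing address, so the service below also verifies a per-client HMAC signature on each request. The addresses (documentation ranges), client IDs, keys and function names are all constructed for illustration.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample values: documentation ranges, not real Mendix or office addresses.
ALLOWED_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.10/32", "198.51.100.0/24")]
# Hypothetical per-client secrets; in practice these come from a secrets manager.
CLIENT_KEYS = {"our-mendix-prod": b"constructed-secret-prod", "office": b"constructed-secret-office"}


def ip_allowed(source_ip):
    """Network-level filter: is the caller's address inside an allowed CIDR?"""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in ALLOWED_NETWORKS)


def sign(key, method, path, body, timestamp):
    """HMAC-SHA256 over the request parts that client and server both see."""
    parts = [method, path, str(timestamp), hashlib.sha256(body).hexdigest()]
    return hmac.new(key, "\n".join(parts).encode(), hashlib.sha256).hexdigest()


def authorize(source_ip, client_id, signature, method, path, body, timestamp, now, max_skew=300):
    """Allow only when the address filter AND the per-client signature both pass."""
    if not ip_allowed(source_ip):
        return "deny: source address not allowlisted"
    key = CLIENT_KEYS.get(client_id)
    # The timestamp is signed and checked so a captured request cannot be replayed later.
    if key is None or abs(now - timestamp) > max_skew:
        return "deny: unknown client or stale request"
    expected = sign(key, method, path, body, timestamp)
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return "deny: bad signature"
    return "allow"


if __name__ == "__main__":
    shared_egress = "203.0.113.10"  # constructed: one outgoing address shared by many apps
    good = sign(CLIENT_KEYS["our-mendix-prod"], "GET", "/orders", b"", 1000)
    # Our own app: correct address and correct signature.
    print(authorize(shared_egress, "our-mendix-prod", good, "GET", "/orders", b"", 1000, 1010))
    # Another app behind the same address: passes the IP filter, fails authentication.
    print(ip_allowed(shared_egress),
          authorize(shared_egress, "other-app", "00" * 32, "GET", "/orders", b"", 1000, 1010))
```

With this layout the allowlist only reduces exposure, so a change in the outgoing addresses becomes an availability issue rather than the sole access control.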