Egress Proxy Broker #1642
Comments
This problem is solved by https://github.com/GSA-TTS/cg-egress-proxy
It's really not. This should be a brokerable service, rather than yet-another-component that needs to be understood, deployed, operated, and documented in the application's SSPP. You have a huge opportunity here to reduce toil for your customers!
Good point. I'll reopen it.
Maybe change the title from
What we're after
We want a broker that will let users add allow rules to spaces with restricted egress ASGs
Currently users have to manually set up their app to use a proxy in a public egress space, and then manage their own deployment of https://github.com/GSA-TTS/cg-egress-proxy
Instead, a user should be able to specify: "please bind this app to this provisioned domain allowlist". The implementation just so happens to involve configuring a deployed egress proxy with that allowlist in an egress-unrestricted, platform-managed space, but the user doesn't need to know how it happens.
Further context
This will make a more turn-key solution for users wanting filtered egress
Security considerations
This broker will need admin credentials on the platform
Notes for implementers
The easiest-lift here is most likely brokerpak + terraform. We can probably get help from @mogul to flatten the learning curve.