Hi,
Context:
Foundry stacks host the most critical data of an enterprise. In addition, Foundry offers good connectivity options (APIs, JDBC, S3-compatible API, …) which positions it as platform for data sharing with external organisations.
Some Foundry stacks are behind IP Allowlists or Ingress Rules. For certain project spaces or users it would be beneficial to overwrite those rules to allow for more flexibility.
The ask is to provide an equivalent feature to Snowflake network polices:
https://docs.snowflake.com/en/user-guide/network-policies#network-policy-precedence
In Foundry’s case, allow setting of ingress IP rules on a project or user level.
Why we cannot do it today:
Frontdoor only supports Ingress Rules on a stack level.
Workarounds:
No workarounds possible.
Benefits: :
Provide additional layer of security for TPA Service User against phishing and miss-use.