Project/User specific Ingress Rules

Hi,

Context:

Foundry stacks host the most critical data of an enterprise. In addition, Foundry offers good connectivity options (APIs, JDBC, S3-compatible API, …), which positions it as a platform for data sharing with external organisations.

Some Foundry stacks are behind IP Allowlists or Ingress Rules. For certain project spaces or users it would be beneficial to overwrite those rules to allow for more flexibility.

The ask is to provide an equivalent feature to Snowflake network policies:

https://docs.snowflake.com/en/user-guide/network-policies#network-policy-precedence

In Foundry’s case, allow setting of ingress IP rules on a project or user level.

Why we cannot do it today:

Frontdoor only supports Ingress Rules on a stack level.

Workarounds:

No workarounds possible.

Benefits:

Provide an additional layer of security for TPA Service User against phishing and misuse.

2 Likes

Hello,

Thank you for the feature request, which has been passed along to the product team. Out of curiosity, would you say in your case you would find project-based or user-based ingress policies to be more valuable for your use cases?

Nicolas

If I had to make a choice, user-based ingress rules would be more important for us.