This article describes the network communication requirements for cloud-hosted ggCircuit services.
Outbound IPs
- Fastly: ggLeap API runs through Fastly, requiring their outbound IPs for API access. These IPs change periodically, so subscribing to updates is recommended.
- AWS: Add AWS IP ranges for SQS (tcp/443) and API gateway (tcp/443) to enable ggLeap client-to-backend communication (non-API).
  Note: Addresses listed for API_GATEWAY are egress-only; no specific subset exists for SQS or API Gateway ingress.
- Cloudflare: Allow Cloudflare IP ranges.
  - IP list: https://www.cloudflare.com/ips/
Extracting IP Ranges with PowerShell
Use these PowerShell commands to extract IP ranges from the AWS JSON file:
- Install the AWS Tools module:
    Install-Module -Name AWS.Tools.Common
- Get and filter IPv4 IP prefixes:
    Get-AWSPublicIpAddressRange | Where-Object {$_.IpAddressFormat -eq "Ipv4"} | Select-Object IpPrefix
  Note: This outputs a list of IPv4 IP prefixes for configuring your network firewall or security group rules.
Additional Considerations
- Firewall/Security Groups: Ensure your firewall or security group rules allow both inbound and outbound traffic to/from the specified IP ranges on the necessary ports (primarily tcp/443).
- Regular Updates: IPs in these lists change periodically. Implement a process to keep these updated in your network configuration.
- Testing: After making changes, thoroughly test your ggLeap and ggRock setup to ensure proper communication and functionality.
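
For the Regular Updates item above, one way to detect changes is to diff each fetch against a saved baseline and act on both additions and removals. This is an added example, not ggCircuit's or AWS's own code; the function name Compare-PrefixBaseline, the baseline file location and the sample prefixes (RFC 5737 documentation ranges) are assumptions made for illustration.

```powershell
# Added example: compare the current provider prefix list with a saved baseline.
# Compare-PrefixBaseline is a hypothetical helper, not part of AWS.Tools.
function Compare-PrefixBaseline {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [string[]] $Current,
        [Parameter(Mandatory)] [string] $BaselinePath
    )

    $currentSet = @($Current | Where-Object { $_ } | Sort-Object -Unique)

    # A failed or empty fetch must not be read as "every prefix was removed".
    if ($currentSet.Count -eq 0) {
        throw "Current prefix list is empty; baseline left unchanged."
    }

    $baseline = @()
    if (Test-Path -LiteralPath $BaselinePath) {
        $baseline = @(Get-Content -LiteralPath $BaselinePath |
            Where-Object { $_ } | Sort-Object -Unique)
    }

    $added   = @($currentSet | Where-Object { $_ -notin $baseline })
    $removed = @($baseline   | Where-Object { $_ -notin $currentSet })

    [pscustomobject]@{
        Added   = $added      # prefixes to allow
        Removed = $removed    # stale allow rules to delete
        Changed = ($added.Count + $removed.Count) -gt 0
    }
}

# Constructed sample data (documentation ranges), not real AWS prefixes.
$baselinePath = Join-Path ([System.IO.Path]::GetTempPath()) 'aws-ipv4-baseline.txt'
'192.0.2.0/24', '198.51.100.0/24' | Set-Content -LiteralPath $baselinePath
$current = '198.51.100.0/24', '203.0.113.0/24'
# Live input instead of the sample:
# $current = (Get-AWSPublicIpAddressRange |
#     Where-Object { $_.IpAddressFormat -eq 'Ipv4' }).IpPrefix

$diff = Compare-PrefixBaseline -Current $current -BaselinePath $baselinePath
$diff.Added   | ForEach-Object { "ADD    $_" }
$diff.Removed | ForEach-Object { "REMOVE $_" }

# Persist the new baseline only after the firewall change has been applied.
if ($diff.Changed) {
    $current | Sort-Object -Unique | Set-Content -LiteralPath $baselinePath
}
```

Removing prefixes that have dropped off the provider's list matters as much as adding new ones, since a stale allow rule keeps a path open to address space the provider no longer uses.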