IP Allowlisting
Introduction
Allowlists and network policies secure services and applications by preventing unauthorized connections while permitting access by approved IPs. They operate by inclusion rather than exclusion (unlike denylists), so IPs not in allowlists or policies are rejected and can’t connect.
Tarsal moves data between applications via source and destination connectors configured in the portal. The connectors invoke third-party APIs to access your applications. Connector IPs must be allowed in all your applications and services allowlists or network policies to ensure connections.
Overview
Allowlists and network policies are typically defined at the application or service level. However, your sources and destinations may not provide this security option; alternatively, they may be public (meaning Tarsal can access them already), or you may not use allowlists or network policies (even if they’re available).
If your services provide security policy features that are in use (i.e., they are not open to the general internet), you must explicitly allow Tarsal’s connector IP for each one.
For example, consider an AWS S3 (Simple Storage Service) bucket containing data dumps. Identity and Access Management (IAM) policies limit bucket access to company network IPs. This S3 bucket will be a Tarsal connector data source, so the Tarsal IP must be added to the bucket’s IAM policy for access.
Please consult your application or service’s security policy documentation to configure incoming Tarsal IP connections for data ingestion and delivery.
Tarsal IPs
Your applications and services with Tarsal integrations must accept inbound connection requests from the following IP addresses:
| Version | Protocol | IP Address | Description |
|---|---|---|---|
| IPv4 | TCP | 54.186.15.151 | All Tarsal source and destination connectors |
Security Hardening
Tarsal recommends that your applications and services reject all incoming IPs via any protocol, range, or port other than Tarsal, those essential for application functions, and those required by your IT organization.
Static IPs
While Tarsal IPs are static and not expected to change, customers will be notified of updates in advance.
Testing Allowlists
Test before and after adding Tarsal IPs to confirm that allowlisting or network policies provide the expected results!
Updated about 2 months ago