Add public IP address allowlist for Teleport Cloud #42593
Conversation
|
🤖 Vercel preview here: https://docs-g33b3q47r-goteleport.vercel.app/docs/ver/preview |
|
The PR changelog entry failed validation: Changelog entry not found in the PR body. Please add a "no-changelog" label to the PR, or changelog lines starting with |
|
🤖 Vercel preview here: https://docs-gamlhfkmb-goteleport.vercel.app/docs/ver/preview |
|
The PR changelog entry failed validation: Changelog entry not found in the PR body. Please add a "no-changelog" label to the PR, or changelog lines starting with |
sclevine
added
documentation
no-changelog
|
🤖 Vercel preview here: https://docs-d62pjvca6-goteleport.vercel.app/docs/ver/preview |
| tocDepth: 3 | ||
| --- | ||
|
|
||
| Teleport Agents connected to Teleport Enterprise Cloud must be allowed to connect to the following IP addresses in order to join the Teleport cluster. |
There was a problem hiding this comment.
| Teleport Agents connected to Teleport Enterprise Cloud must be allowed to connect to the following IP addresses in order to join the Teleport cluster. | |
| Teleport Agents connected to managed Teleport Enterprise accounts must be allowed to connect to the following IP addresses in order to join the Teleport cluster. |
There was a problem hiding this comment.
Went with "cloud-hosted" for consistency with the other wording. It's important that self-hosted customers understand that this is not necessary (and less secure) for their setup.
| </Notice> | ||
|
|
||
| When this list is modified, we will provide at least two weeks notice by: | ||
| 1. Updating the Changelog below. |
There was a problem hiding this comment.
What will this look like during the next update? For an update two weeks from today, would it look like:
- 2024-06-24: List updated
- 2024-06-06: List published
If updating the docs is part of the IP allowlist update workflow, would it make sense to include a Notice containing the date of the next allowlist update at the top of the page instead?
There was a problem hiding this comment.
It would be more descriptive, and less frequent, e.g.,
- 2026-06-24: 127.1.2.3/32 added to list.
- 2024-06-06: List published
Example of a similar workflow: https://www.cloudflare.com/ips/
would it make sense to include a Notice containing the date of the next allowlist update at the top of the page instead
For security and process reasons, nothing needs to be announced before the list is updated. We could add a notice when we update the list, to call attention to the recent change.
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
|
🤖 Vercel preview here: https://docs-dgqemojqr-goteleport.vercel.app/docs/ver/preview |
|
🤖 Vercel preview here: https://docs-58ajv1w57-goteleport.vercel.app/docs/ver/preview |
public-teleport-github-review-bot
bot
removed the request for review
from ravicious
|
🤖 Vercel preview here: https://docs-odzdftr6j-goteleport.vercel.app/docs/ver/preview |
|
🤖 Vercel preview here: https://docs-kftkxf3z5-goteleport.vercel.app/docs/ver/preview |
|
🤖 Vercel preview here: https://docs-6gfc52yvo-goteleport.vercel.app/docs/ver/preview |
This PR adds an allowlist of public IP addresses for Teleport Cloud to the Teleport Cloud sections of the docs.
This implements the IP management policy described here (internal link).