Note: Most user interface tasks can be performed in Edge Classic or the New Edge experience. For an overview, getting started topics, and release notes specific to the New Edge experience, see the docs.

Security guidelines between Edge and AWS

Following are guidelines for ensuring secure communication between Edge and AWS.

TLS

IP whitelisting

Whether you're using EC2-VPC or EC2-Classic as your AWS environment, configure your security group(s) to allow only your Edge IP addresses to make calls to your AWS services.

To find out your Edge IP addresses to whitelist, contact Apigee Support as described in this Apigee Community article.

To find out one or more of your Edge IPs on your own, see this Apigee Community article.

If you are on the Edge trial (free) plan, your Edge IP addresses (you have two by default) might change at some point, so this step of IP whitelisting may not be practical over time. For more information, see this Apigee Community article.

For information on creating inbound rules in your security groups for whitelisting your Edge IP addresses, see the following AWS documentation:

For the full list of AWS IP ranges, which you can also use to determine which AWS region your Edge Public Cloud organization is deployed in once you know your IP addresses, see https://ip-ranges.amazonaws.com/ip-ranges.json.
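
The following is an added example (not from the Apigee or AWS documentation) of auditing a security group's inbound rules so that only Edge IP addresses are admitted. The Edge addresses and rules are constructed placeholders and `audit_ingress` is a hypothetical helper; the rule shape follows the `IpPermissions` list returned by EC2 DescribeSecurityGroups.

```python
import ipaddress

# Constructed placeholders (RFC 5737 documentation addresses), not real Edge IPs.
EDGE_IPS = ["203.0.113.10", "203.0.113.11"]

# Constructed sample shaped like the IpPermissions list that EC2
# DescribeSecurityGroups returns for one security group.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}, {"CidrIp": "203.0.113.11/32"}],
     "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]


def audit_ingress(permissions, edge_ips):
    """Return one finding per inbound CIDR that admits non-Edge sources."""
    allowed = {ipaddress.ip_address(ip) for ip in edge_ips}
    findings = []
    for rule in permissions:
        ports = (rule.get("FromPort"), rule.get("ToPort"))
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            # Acceptable only if every address in the range is an Edge IP.
            # The size guard keeps us from enumerating large networks.
            if net.num_addresses <= len(allowed) and all(a in allowed for a in net):
                continue
            reason = ("open to any source" if net.prefixlen == 0
                      else "not limited to Edge IP addresses")
            findings.append({"cidr": cidr, "ports": ports, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in audit_ingress(SAMPLE_PERMISSIONS, EDGE_IPS):
        print(f"{f['cidr']} ports {f['ports']}: {f['reason']}")
```

Only CIDR sources are checked; rules that reference other security groups (`UserIdGroupPairs`) need a separate review.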

Amazon EC2

If you're proxying an Amazon EC2 instance, set up an Elastic IP address in front of the EC2 instance. For more information, see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html.

Amazon RDS

When proxying an Amazon RDS database, use TLS/SSL encryption between Edge and RDS. For more information, see http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html.

Apigee also provides connectors to expose relational databases as APIs. You can use the “SQL volos connectors” as a starting point if you need to expose your AWS relational database as a REST API. For more information, see Apigee connectors.

Amazon Route 53

If you're using Amazon Route 53 for DNS service, be sure to set an appropriate TTL (Time to Live) on your Resource Record Sets. For more information, see http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-values.html.