Empowering Secure Cloud-Native Applications with Egress Control in Choreo
- Lahiru De Silva
- Senior Software Engineer - WSO2
Applications running on Choreo often interact with external systems, making egress control a critical layer of security against unauthorized access and data breaches. By offering fine-grained control over outbound traffic, Choreo reinforces its commitment to providing a secure and reliable environment for developers and organizations to deliver exceptional digital experiences to their customers.
With Choreo’s new egress control feature, organization admins can configure egress rules to manage outbound traffic originating from the applications within their organization. For more granular control, organization-level egress rules can be extended at the project level, allowing custom configurations based on specific egress requirements while maintaining compliance with the organization-level policies.
Choreo currently supports two basic types of egress control:
1. Allow All Egress Traffic and Deny Selectively
By default, Choreo allows egress traffic to all remote destinations. With the newly introduced egress control feature, you can extend the default configuration by defining a deny list. This allows organizations to maintain a set of deny rules that block traffic to specified destinations across the organization. Deny rules must be valid CIDR addresses, such as 152.60.201.64/24.
Organization-level deny rules are automatically inherited by all projects, ensuring consistent compliance. Additionally, project-level egress rules can further restrict traffic for specific projects, offering granular control over traffic management.
Figure 1: Organization-level allow all egress control type
When to Use "Allow All, Deny Selectively"?
The "Allow All, Deny Selectively" control type is the default setting in Choreo. It is ideal for organizations that do not require strict traffic controls or are in pre-production stages, such as migration or testing, where unrestricted access to external services simplifies operations. In this setup, a deny list blocks specific destinations. For instance, if an organization detects suspicious egress traffic to an unknown destination, it can quickly address the issue by adding a deny rule for that destination.
2. Deny All Egress Traffic and Allow Selectively
In this egress control type, all egress traffic to remote destinations is blocked by default, except for destinations specified in the allow list. This method prioritizes security by giving organization admins complete control over accessible external services. Allow rules must be valid CIDR addresses, such as 152.60.201.64/24, or valid domains, such as github.com.
The allow list is inherited by all projects within the organization. At the project level, admins can refine restrictions by removing specific entries from the allow list, tailoring egress traffic rules to individual projects. This ensures a robust, security-first approach to managing external connections.
Figure 2: Organization-level deny all egress control type
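As an added example (not Choreo's own code or UI), the following Python models the inheritance semantics described above for both control types: under "Allow All, Deny Selectively" a project can only add deny entries to the inherited list, while under "Deny All, Allow Selectively" a project can only remove entries from the inherited allow list. It also shows a caveat a practitioner hits with the sample rule 152.60.201.64/24: a strict CIDR parser rejects it because the host bits are set, so the example normalises it to 152.60.201.0/24. Exact-hostname matching for domain rules and the sample rule sets are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


def parse_cidr(rule: str):
    """Parse a CIDR rule. strict=False accepts 152.60.201.64/24 (host bits set)
    and normalises it to 152.60.201.0/24, the network a /24 actually covers."""
    return ipaddress.ip_network(rule, strict=False)


def is_domain(rule: str) -> bool:
    """Any rule that does not parse as a CIDR is treated as a domain name."""
    try:
        parse_cidr(rule)
        return False
    except ValueError:
        return True


@dataclass(frozen=True)
class EgressPolicy:
    mode: str                 # "allow_all" (deny list) or "deny_all" (allow list)
    org_rules: frozenset      # organization-level list, inherited by every project
    project_rules: frozenset  # allow_all: extra denies; deny_all: allows removed

    def __post_init__(self):
        if self.mode not in ("allow_all", "deny_all"):
            raise ValueError(f"unknown mode {self.mode!r}")
        if self.mode == "allow_all":
            for rule in self.org_rules | self.project_rules:
                if is_domain(rule):  # the post says deny rules must be CIDRs
                    raise ValueError(f"deny rule {rule!r} is not a CIDR")

    def effective_rules(self) -> frozenset:
        if self.mode == "allow_all":
            return self.org_rules | self.project_rules  # project can only tighten
        return self.org_rules - self.project_rules      # project can only drop allows

    @staticmethod
    def _matches(rule: str, dest: str) -> bool:
        if is_domain(rule):
            return dest.lower() == rule.lower()  # exact host match (assumption)
        try:
            return ipaddress.ip_address(dest) in parse_cidr(rule)
        except ValueError:
            return False  # dest is a hostname, so a CIDR rule cannot match it

    def allowed(self, dest: str) -> bool:
        """True if traffic to dest (an IP literal or hostname) would be permitted."""
        hit = any(self._matches(r, dest) for r in self.effective_rules())
        return not hit if self.mode == "allow_all" else hit
```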
When to Use "Deny All, Allow Selectively"?
This control type is ideal for security-focused organizations that require strict policies for managing egress traffic. It enables organizations to allow only essential external access, such as databases and third-party APIs, while blocking all other destinations. Before switching to this type, it is crucial to carefully evaluate and identify all necessary external access points to ensure uninterrupted application functionality. This approach maintains a highly secure environment by minimizing exposure to unauthorized or unnecessary external destinations.

Getting Started
For detailed instructions on using the new egress control feature, refer to our documentation.
Not a Choreo user yet? Sign up for Choreo today and start your journey for free!