Question
Cloud Firewall setup for backend data processing server
My app uses custom generated data that is stored in my DB and is then served to the visitors. That’s handled by an Nginx webserver on one droplet (D1) and a MongoDB on another droplet (D2).
To push new data into the DB, I’m running a Python script on a 3rd droplet (D3), and I’m not sure how best to set up the Cloud Firewall for it.
Basically, the Python script calls a 3rd party API, gets the data from it, generates the output and writes it to the MongoDB in D2. So to configure the Cloud FW rules for D3, I think I need:
Incoming:
- SSH on port 22: all
- TCP from D2 (MongoDB) Private IP <—do I need this? I do query the DB before writing new data
- How do I handle the 3rd party API incoming data?

Outgoing:
- ICMP/TCP/UDP to D2
Does this look reasonable and what should I do regarding the API data calls?
Thank you!
Edit: I think I also need some kind of Outgoing rule to query the external API
And, to clarify, I want to restrict all other incoming/outgoing traffic to D3 beyond what is absolutely necessary. But I’m lost on how to ensure that the API data is called and received.
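
An added example, not part of the original post: a toy Python model of the stateful connection tracking that DigitalOcean Cloud Firewalls perform, applied to a minimal rule set for D3, showing that replies to connections D3 opens need no inbound rule. The IP addresses, the HTTPS port for the API and the DNS rules are assumptions; 27017 is MongoDB's default port.

```python
import ipaddress

# Constructed addresses (assumptions; none appear in the post).
D2, API, ADMIN = "10.0.0.2", "203.0.113.10", "198.51.100.7"

# Rules for D3 as (protocol, port, remote CIDR); unmatched traffic is dropped.
INBOUND = [("tcp", 22, "0.0.0.0/0")]            # SSH
OUTBOUND = [("tcp", 27017, D2 + "/32"),         # MongoDB default port on D2
            ("tcp", 443, "0.0.0.0/0"),          # API over HTTPS (assumed)
            ("udp", 53, "0.0.0.0/0"),           # DNS lookups for the API host
            ("tcp", 53, "0.0.0.0/0")]

def matches(rules, proto, port, remote):
    addr = ipaddress.ip_address(remote)
    return any(proto == p and port == q and addr in ipaddress.ip_network(net)
               for p, q, net in rules)

class StatefulFirewall:
    """Toy connection-tracking model of the firewall in front of D3."""
    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound
        self.flows = set()  # (proto, d3_port, remote_ip, remote_port)

    def _check(self, rules, rule_port, flow):
        proto, _, remote, _ = flow
        if flow in self.flows or matches(rules, proto, rule_port, remote):
            self.flows.add(flow)    # remember the flow so replies pass
            return True
        return False

    def send(self, proto, d3_port, remote, remote_port):
        # Outbound rules match on the remote (destination) port.
        return self._check(self.outbound, remote_port, (proto, d3_port, remote, remote_port))

    def receive(self, proto, d3_port, remote, remote_port):
        # Inbound rules match on D3's own (destination) port.
        return self._check(self.inbound, d3_port, (proto, d3_port, remote, remote_port))

def run_flows():
    fw = StatefulFirewall(INBOUND, OUTBOUND)
    return {
        "query_mongo":     fw.send("tcp", 40001, D2, 27017),
        "mongo_reply":     fw.receive("tcp", 40001, D2, 27017),
        "call_api":        fw.send("tcp", 40002, API, 443),
        "api_response":    fw.receive("tcp", 40002, API, 443),
        "ssh_in":          fw.receive("tcp", 22, ADMIN, 50000),
        "ssh_reply":       fw.send("tcp", 22, ADMIN, 50000),
        "d2_unsolicited":  fw.receive("tcp", 8080, D2, 40003),
        "api_unsolicited": fw.receive("tcp", 443, API, 40004),
        "d3_to_smtp":      fw.send("tcp", 40005, API, 25),
    }
```

`run_flows()` returns which of the constructed flows pass: the MongoDB and API responses are accepted as replies to tracked outbound connections, while unsolicited connections from D2 or the API host to D3 are dropped.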