Cloud Firewall setup for backend data processing server
My app uses custom generated data that is stored in my DB and is then served to the visitors. That’s handled by an Nginx webserver on one droplet (D1) and a MongoDB on another droplet (D2).
To push new data into the DB, I’m running a Python script on a 3rd droplet (D3), and I’m not sure how best to set up the Cloud Firewall for it.
Basically, the Python script calls a 3rd party API, gets the data from it, generates the output and writes it to the MongoDB in D2. So to configure the Cloud FW rules for D3, I think I need:
- SSH on port 22: all
- TCP from D2 (MongoDB) Private IP <— do I need this? I do query the DB before writing new data
- How do I handle the 3rd party API incoming data?
- ICMP/TCP/UDP to D2
Does this look reasonable and what should I do regarding the API data calls?
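
Added example, not part of the original post: a toy model of a stateful firewall on D3, showing that replies to connections D3 opens (MongoDB queries, API responses) need no inbound rule. It relies on DigitalOcean Cloud Firewalls being stateful; the IP addresses, the HTTPS port 443 for the API, the DNS rule and all class and function names are assumptions made for illustration.

```python
"""Toy stateful firewall for D3 (constructed example, not a DigitalOcean API)."""
from dataclasses import dataclass, field

# Assumed values (not from the post): D2's private IP, a documentation-range
# address for the third-party API, MongoDB's default port 27017.
D2 = "10.0.0.2"
API = "203.0.113.10"


@dataclass(frozen=True)
class Rule:
    proto: str
    port: int
    peer: str  # "any" or a single IP address

    def matches(self, proto, port, peer):
        return (self.proto == proto and self.port == port
                and self.peer in ("any", peer))


@dataclass
class StatefulFirewall:
    inbound: list
    outbound: list
    tracked: set = field(default_factory=set)

    def send(self, proto, local_port, peer, peer_port):
        """D3 opens a connection; only an outbound rule can allow it."""
        if any(r.matches(proto, peer_port, peer) for r in self.outbound):
            self.tracked.add((proto, local_port, peer, peer_port))
            return True
        return False

    def receive(self, proto, local_port, peer, peer_port):
        """Packet arriving at D3: reply to a tracked flow, or a new connection."""
        if (proto, local_port, peer, peer_port) in self.tracked:
            return True  # return traffic, no inbound rule required
        return any(r.matches(proto, local_port, peer) for r in self.inbound)


def d3_firewall():
    return StatefulFirewall(
        inbound=[Rule("tcp", 22, "any")],     # SSH, as listed in the post
        outbound=[Rule("tcp", 27017, D2),     # script -> MongoDB on D2
                  Rule("tcp", 443, "any"),    # script -> third-party API (assumed HTTPS)
                  Rule("udp", 53, "any")],    # DNS lookups for the API hostname
    )
```
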