BTPCFSecurityGroups
Application Security Groups permit egress traffic from Cloud Foundry applications in the style of a firewall. This check verifies whether the Application Security Groups set in each space, for both running and staging, allow or block a selection of best-practice network connections. By default, it ensures that access to at least some DNS server, SAP's connectivity service and AWS load balancers is allowed, whilst ensuring that access to the IaaS metadata IPs is not allowed. The check can be configured in monitoring parameters to ignore validations that are not considered relevant, and there is also a custom check named BTP_CF_SECURITY_GROUPS to validate any custom connection requirements.
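The following sketch shows how two of the validations described above (the metadata endpoint is blocked, DNS is allowed) can be evaluated against rules in the Cloud Foundry ASG JSON rule format. It is an added example, not the product's own implementation; the function names, the sample rule sets and the choice of `169.254.169.254` as the metadata IP are assumptions.

```python
import ipaddress

# Link-local instance metadata address on AWS, Azure and GCP. Assumption: the
# page does not say which metadata IPs the product itself tests.
METADATA_IP = ipaddress.ip_address("169.254.169.254")

def dest_covers(destination, ip):
    """True if an ASG destination (single IP, CIDR or 'start-end') covers ip."""
    if "-" in destination:
        start, end = (ipaddress.ip_address(p.strip()) for p in destination.split("-", 1))
        return start <= ip <= end
    return ip in ipaddress.ip_network(destination.strip(), strict=False)

def ports_cover(ports, port):
    """True if an ASG ports string ('53', '80,443', '1-1024') covers port."""
    for part in (ports or "").split(","):
        lo, _, hi = part.strip().partition("-")
        if lo and int(lo) <= port <= int(hi or lo):
            return True
    return False

def allows(rule, port, ip=None):
    """True if the rule permits TCP/UDP egress to port (and to ip, if given)."""
    if ip is not None and not dest_covers(rule["destination"], ip):
        return False
    if rule["protocol"] == "all":
        return True
    return rule["protocol"] in ("tcp", "udp") and ports_cover(rule.get("ports"), port)

def audit(rules):
    """Findings for the combined running (or staging) rules bound to one space."""
    findings = []
    if any(allows(r, 80, METADATA_IP) for r in rules):
        findings.append("metadata endpoint reachable")
    if not any(allows(r, 53) for r in rules):
        findings.append("no DNS egress")
    return findings

# Constructed sample rule sets in the Cloud Foundry ASG JSON rule format.
SEGMENTED = [
    {"protocol": "all", "destination": "11.0.0.0-169.253.255.255"},
    {"protocol": "all", "destination": "169.255.0.0-172.15.255.255"},
    {"protocol": "udp", "destination": "0.0.0.0/0", "ports": "53"},
]
WIDE_OPEN = [{"protocol": "all", "destination": "0.0.0.0/0"}]
LOCKED = [{"protocol": "tcp", "destination": "10.0.0.0/8", "ports": "443,8443"}]

if __name__ == "__main__":
    for name, rules in [("segmented", SEGMENTED), ("wide_open", WIDE_OPEN), ("locked", LOCKED)]:
        print(name, audit(rules) or "ok")
```

Because ASG rules are allow-only, the metadata validation passes only when no rule's destination covers the metadata address, which is why the segmented rule set splits its ranges around `169.254.0.0/16`.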
Reference Data
| Managed System | Cloud Services |
| Check Cycle | RealTime Monitoring |
| Depends on | BTPConnect |
| Monitoring Parameters | SecurityGroupsCheckConnectivityAllowedToDNS, SecurityGroupsCheckConnectivityNotAllowedToMetadataEndpoint, SecurityGroupsCheckConnectivityAllowedToConnectivityService, and SecurityGroupsCheckConnectivityAllowedToAWSLoadBalancer |