Add config settings for custom CIDR range on API load balancer #3031

codyebberson · 2023-10-13T15:34:05Z

When using apiInternetFacing = false in the Medplum CDK config, the API server is only accessible to the VPC
Users want to allow access to specific IP address ranges to allow access from other internal services
Or, alternately, a "bring your own security group" feature where you can specify the security group by name or ID
Exposing "BYOB security group" would be more flexible, and more aligned with "The AWS Way", because you could grant access by service or other security group
See our API load balancer definition here: https://github.com/medplum/medplum/blob/main/packages/cdk/src/backend.ts#L362
Note that we currently use the default security group configuration

The text was updated successfully, but these errors were encountered:

reshmakh added this to the December 1, 2023 milestone Oct 25, 2023

reshmakh added the self-host Features and fixes related to self hosting label Oct 26, 2023

reshmakh modified the milestones: November 30, 2023, Milestone Quality Nov 1, 2023

Provide feedback