From 53670fe5b8c30278198da7c0db014faa3202fe93 Mon Sep 17 00:00:00 2001 From: forstisabella <92472883+forstisabella@users.noreply.github.com> Date: Thu, 1 Aug 2024 20:15:26 -0400 Subject: [PATCH 1/5] IP allowlisting draft --- src/_includes/content/ip-allowlisting.md | 22 +++++++++++++ .../actions-liveramp-audiences/index.md | 3 ++ .../actions-the-trade-desk-crm/index.md | 3 ++ .../catalog/amazon-kinesis/index.md | 2 ++ src/connections/destinations/index.md | 31 ++++++++++++++++--- .../functions/destination-functions.md | 2 +- src/connections/functions/insert-functions.md | 2 ++ 7 files changed, 60 insertions(+), 5 deletions(-) create mode 100644 src/_includes/content/ip-allowlisting.md diff --git a/src/_includes/content/ip-allowlisting.md b/src/_includes/content/ip-allowlisting.md new file mode 100644 index 0000000000..bd33f3a381 --- /dev/null +++ b/src/_includes/content/ip-allowlisting.md @@ -0,0 +1,22 @@ +IP Allowlisting uses a NAT gateway to route traffic from Segment's servers to your destination through a limited range of IP addresses, which can prevent malicious actors from establishing TCP and UDP connections with your integrations. + +IP Allowlisting is available for customers on Business Tier plans. + +## Supported destinations +Segment supports IP Allowlisting in all Classic and Actions destinations except for the following: +- [LiveRamp](/docs/connections/destinations/catalog/actions-liveramp-audiences/) +- [TradeDesk](/docs/connections/destinations/catalog/actions-the-trade-desk-crm/) +- [Amazon Kinesis](/docs/connections/destinations/catalog/amazon-kinesis/) +- [Destination Functions](/docs/connections/functions/destination-functions/) +- [Destination Insert Functions](/docs/connections/functions/insert-functions/) + +Destinations that are not supported receive traffic from randomly assigned IP addresses. + +## Getting started +To enable IP Allowlisting for your workspace: +1. From your Segment workspace, navigate to **[Settings > Workspace settings > Destination IP settings](https://app.segment.com/goto-my-workspace/settings/destination-ip-settings){:target="_blank”}**. +2. On the Destination IP settings page, click **Enable IP allowlisting**. +3. The page displays the IP address ranges that Segment uses to route data from Segment's internal systems to your destination. Note these ranges, as you'll need these ranges to enforce IP restriction in your downstream destinations. +4. Open each of your downstream tools and configure IP restriction for each destination. For more information, refer to the documentation for your downstream tool. + +*IP restriction might not be supported in all destinations.* \ No newline at end of file diff --git a/src/connections/destinations/catalog/actions-liveramp-audiences/index.md b/src/connections/destinations/catalog/actions-liveramp-audiences/index.md index a205f74327..2bc37e4b8b 100644 --- a/src/connections/destinations/catalog/actions-liveramp-audiences/index.md +++ b/src/connections/destinations/catalog/actions-liveramp-audiences/index.md @@ -12,6 +12,9 @@ The LiveRamp Audiences destination allows users to connect their Engage Audience The LiveRamp Audiences destination can be connected to **Twilio Engage sources only**. +> info "LiveRamp Audiences is not compatible with IP Allowlisting" +> For more information, see the [IP Allowlisting](/docs/connections/destinations/#ip-allowlisting) documentation. + ## Getting started ### Set up your file drop diff --git a/src/connections/destinations/catalog/actions-the-trade-desk-crm/index.md b/src/connections/destinations/catalog/actions-the-trade-desk-crm/index.md index dbdd3db628..68cb3309a6 100644 --- a/src/connections/destinations/catalog/actions-the-trade-desk-crm/index.md +++ b/src/connections/destinations/catalog/actions-the-trade-desk-crm/index.md @@ -14,6 +14,9 @@ This integration lets users link Engage audiences to The Trade Desk and transmit The Trade Desk destination can only be connected to Twilio Engage sources. +> info "The Trade Desk CRM is not compatible with IP Allowlisting" +> For more information, see the [IP Allowlisting](/docs/connections/destinations/#ip-allowlisting) documentation. + ## Getting started ### Obtaining credentials from The Trade Desk diff --git a/src/connections/destinations/catalog/amazon-kinesis/index.md b/src/connections/destinations/catalog/amazon-kinesis/index.md index de45722cb5..af32a8dad2 100644 --- a/src/connections/destinations/catalog/amazon-kinesis/index.md +++ b/src/connections/destinations/catalog/amazon-kinesis/index.md @@ -5,6 +5,8 @@ id: 57da359580412f644ff33fb9 --- [Amazon Kinesis](https://aws.amazon.com/kinesis/){:target="_blank”} enables you to build custom applications that process or analyze streaming data for specialized needs. Amazon Kinesis Streams can continuously capture and store terabytes of data per hour from hundreds of thousands of sources such as website clickstreams, financial transactions, social media feeds, IT logs, and location-tracking events. +> info "Amazon Kinesis is not compatible with IP Allowlisting" +> For more information, see the [IP Allowlisting](/docs/connections/destinations/#ip-allowlisting) documentation. ## Getting Started diff --git a/src/connections/destinations/index.md b/src/connections/destinations/index.md index 3f3f62226d..958c87fce5 100644 --- a/src/connections/destinations/index.md +++ b/src/connections/destinations/index.md @@ -121,9 +121,9 @@ To add a Destination: [Learn more](/docs/connections/destinations/add-destination/) about what adding a destination entails. > note "Disabled destinations do not receive data" -> If you haven't enabled your destination for the first time after you created it or if you actively disable a destination, Segment prevents any data from reaching the destination. Business Tier customers can request [a Replay]([url](https://segment.com/docs/guides/what-is-replay/)), which resends data from the time the destination was disabled to the time it was re-enabled. Replays can also send data to currently disabled destinations. +> If you haven't enabled your destination for the first time after you created it or if you actively disable a destination, Segment prevents any data from reaching the destination. Business Tier customers can request [a Replay](/docs/guides/what-is-replay/), which resends data from the time the destination was disabled to the time it was re-enabled. Replays can also send data to currently disabled destinations. > -> Some destinations are not compatible with Replays after a certain period of time. Check with Segment’s support team [friends@segment.com](friends@segment.com) to confirm that your intended destination allows historical timestamps. +> Some destinations are not compatible with Replays after a certain period of time, for example, 14 days. Check with Segment’s support team [friends@segment.com](mailto:friends@segment.com) to confirm that your intended destination allows historical timestamps. ## Data deliverability @@ -207,6 +207,29 @@ The following destinations support bulk batching: > info "You must manually configure bulk batches for Actions destinations" > To support bulk batching for the Actions Webhook destination, you must set `enable-batching: true` and `batch_size: >= 1000`. -### IP Allowlist +## IP Allowlisting -{% include content/ip-allowlist.md %} +IP Allowlisting uses a NAT gateway to route traffic from Segment's servers to your destination through a limited range of IP addresses, which can prevent malicious actors from establishing TCP and UDP connections with your integrations. + +IP Allowlisting is available for customers on Business Tier plans. + +> info "" +> Segment might add additional IP addresses ranges. Before adding additional ranges, Segment will send an email to all Workspace Owners notifying them of the update. + +### Supported destinations +Segment supports IP Allowlisting in all Classic and Actions destinations except for the following: +- [LiveRamp](/docs/connections/destinations/catalog/actions-liveramp-audiences/) +- [TradeDesk](/docs/connections/destinations/catalog/actions-the-trade-desk-crm/) +- [Amazon Kinesis](/docs/connections/destinations/catalog/amazon-kinesis/) +- [Destination Functions](/docs/connections/functions/destination-functions/) + +Destinations that are not supported receive traffic from randomly assigned IP addresses. + +### Configure IP Allowlisting +To enable IP Allowlisting for your workspace: +1. From your Segment workspace, navigate to **[Settings > Workspace settings > Destination IP settings](https://app.segment.com/goto-my-workspace/settings/destination-ip-settings){:target="_blank”}**. +2. On the Destination IP settings page, click **Enable IP allowlisting**. +3. The page displays the IP address ranges that Segment uses to route data from Segment's internal systems to your destination. Note these ranges, as you'll need this information to enforce IP restriction in your downstream destinations. +4. Open each of your downstream tools and configure IP restriction for each destination. For more information, refer to the documentation for your downstream tool. + +*IP restriction might not be supported in all destinations.* \ No newline at end of file diff --git a/src/connections/functions/destination-functions.md b/src/connections/functions/destination-functions.md index 4d97a6d848..915f9f6d7d 100644 --- a/src/connections/functions/destination-functions.md +++ b/src/connections/functions/destination-functions.md @@ -17,7 +17,7 @@ All functions are scoped to your workspace, so members of other workspaces can't > note "" -> Destination functions doesn't accept data from [Object Cloud sources](/docs/connections/sources/#object-cloud-sources). +> Destination functions doesn't accept data from [Object Cloud sources](/docs/connections/sources/#object-cloud-sources). Destination functions don't support [IP Allowlisting](/docs/connections/destinations/#ip-allowlisting). ## Create a destination function diff --git a/src/connections/functions/insert-functions.md b/src/connections/functions/insert-functions.md index dd9391b485..8c3aa6123c 100644 --- a/src/connections/functions/insert-functions.md +++ b/src/connections/functions/insert-functions.md @@ -13,6 +13,8 @@ Use Destination Insert Functions to enrich, transform, or filter your data befor **Customize filtration for your destinations**: Create custom logic with nested if-else statements, regex, custom business rules, and more to filter event data. +> info "Destination Insert Functions are not compatible with IP Allowlisting" +> For more information, see the [IP Allowlisting](/docs/connections/destinations/#ip-allowlisting) documentation. ## Create destination insert functions From e5e6e78b41cecd7a965fd8201105b76791838c4a Mon Sep 17 00:00:00 2001 From: forstisabella <92472883+forstisabella@users.noreply.github.com> Date: Thu, 1 Aug 2024 20:28:06 -0400 Subject: [PATCH 2/5] [netlify-build] --- src/connections/destinations/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/connections/destinations/index.md b/src/connections/destinations/index.md index 958c87fce5..aeaa0e78db 100644 --- a/src/connections/destinations/index.md +++ b/src/connections/destinations/index.md @@ -214,7 +214,7 @@ IP Allowlisting uses a NAT gateway to route traffic from Segment's servers to yo IP Allowlisting is available for customers on Business Tier plans. > info "" -> Segment might add additional IP addresses ranges. Before adding additional ranges, Segment will send an email to all Workspace Owners notifying them of the update. +> Segment might add additional IP address ranges. Before adding additional ranges, Segment will send an email to all Workspace Owners notifying them of the update. ### Supported destinations Segment supports IP Allowlisting in all Classic and Actions destinations except for the following: From 77efa64826c41edcf0ea5777c699065a57da6b59 Mon Sep 17 00:00:00 2001 From: forstisabella <92472883+forstisabella@users.noreply.github.com> Date: Thu, 1 Aug 2024 20:28:36 -0400 Subject: [PATCH 3/5] Delete ip-allowlisting.md --- src/_includes/content/ip-allowlisting.md | 22 ---------------------- 1 file changed, 22 deletions(-) delete mode 100644 src/_includes/content/ip-allowlisting.md diff --git a/src/_includes/content/ip-allowlisting.md b/src/_includes/content/ip-allowlisting.md deleted file mode 100644 index bd33f3a381..0000000000 --- a/src/_includes/content/ip-allowlisting.md +++ /dev/null @@ -1,22 +0,0 @@ -IP Allowlisting uses a NAT gateway to route traffic from Segment's servers to your destination through a limited range of IP addresses, which can prevent malicious actors from establishing TCP and UDP connections with your integrations. - -IP Allowlisting is available for customers on Business Tier plans. - -## Supported destinations -Segment supports IP Allowlisting in all Classic and Actions destinations except for the following: -- [LiveRamp](/docs/connections/destinations/catalog/actions-liveramp-audiences/) -- [TradeDesk](/docs/connections/destinations/catalog/actions-the-trade-desk-crm/) -- [Amazon Kinesis](/docs/connections/destinations/catalog/amazon-kinesis/) -- [Destination Functions](/docs/connections/functions/destination-functions/) -- [Destination Insert Functions](/docs/connections/functions/insert-functions/) - -Destinations that are not supported receive traffic from randomly assigned IP addresses. - -## Getting started -To enable IP Allowlisting for your workspace: -1. From your Segment workspace, navigate to **[Settings > Workspace settings > Destination IP settings](https://app.segment.com/goto-my-workspace/settings/destination-ip-settings){:target="_blank”}**. -2. On the Destination IP settings page, click **Enable IP allowlisting**. -3. The page displays the IP address ranges that Segment uses to route data from Segment's internal systems to your destination. Note these ranges, as you'll need these ranges to enforce IP restriction in your downstream destinations. -4. Open each of your downstream tools and configure IP restriction for each destination. For more information, refer to the documentation for your downstream tool. - -*IP restriction might not be supported in all destinations.* \ No newline at end of file From 4cbb8785685322349cfe71176871178ad304696c Mon Sep 17 00:00:00 2001 From: forstisabella <92472883+forstisabella@users.noreply.github.com> Date: Fri, 2 Aug 2024 17:40:30 -0400 Subject: [PATCH 4/5] rmv callout [netlify-build] --- src/connections/destinations/index.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/connections/destinations/index.md b/src/connections/destinations/index.md index aeaa0e78db..b860331d8f 100644 --- a/src/connections/destinations/index.md +++ b/src/connections/destinations/index.md @@ -213,9 +213,6 @@ IP Allowlisting uses a NAT gateway to route traffic from Segment's servers to yo IP Allowlisting is available for customers on Business Tier plans. -> info "" -> Segment might add additional IP address ranges. Before adding additional ranges, Segment will send an email to all Workspace Owners notifying them of the update. - ### Supported destinations Segment supports IP Allowlisting in all Classic and Actions destinations except for the following: - [LiveRamp](/docs/connections/destinations/catalog/actions-liveramp-audiences/) From cf7e54893e99d32c1b98b53552b81f6a17c871db Mon Sep 17 00:00:00 2001 From: forstisabella <92472883+forstisabella@users.noreply.github.com> Date: Fri, 2 Aug 2024 17:51:46 -0400 Subject: [PATCH 5/5] destinations note [netlify-build] --- src/connections/destinations/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/connections/destinations/index.md b/src/connections/destinations/index.md index b860331d8f..1ecd024464 100644 --- a/src/connections/destinations/index.md +++ b/src/connections/destinations/index.md @@ -214,7 +214,7 @@ IP Allowlisting uses a NAT gateway to route traffic from Segment's servers to yo IP Allowlisting is available for customers on Business Tier plans. ### Supported destinations -Segment supports IP Allowlisting in all Classic and Actions destinations except for the following: +Segment supports IP Allowlisting in [all destinations](/docs/connections/destinations/catalog/) except for the following: - [LiveRamp](/docs/connections/destinations/catalog/actions-liveramp-audiences/) - [TradeDesk](/docs/connections/destinations/catalog/actions-the-trade-desk-crm/) - [Amazon Kinesis](/docs/connections/destinations/catalog/amazon-kinesis/)