Tl/dr; Provide an option to pay for a static node ip to make it easier to whitelist your application in external services. Specifically for egress and not ingress.
Context: My app communicates with a lot of third parties. A managed db, other b2b-partners, confidential third party APIs. Some of which I want to firewall (like the managed db), some of which require me to provide IP-Ranges for them to whitelist.
Current situation: Ploi already provides an API-Endpoint to receive all IP-Ranges that might be used. At the current pace it seems like ranges get added roughly once a month. I have no automated way to hand over those ranges to all third parties though.
Desired solution: In the application tab, provide a check for a static egress/node-ip-ranges.. Paying extra for those seems super fair.
Open question: What about nodes that scale? For me specifically I would not need a specifc IP, but an ip-range would be sufficient. Maybe that already solves it?
Alternative: Maybe an option to have a private (but still within plois infrastructure of course) node for the whole account that all apps of that account get deployed on as a premium service?
I see 2 options, one of them I already discussed with Dennis at some point but may (or may not be) out of budget. We can add an egress loadbalancer which will sent all of your outgoing traffic via a fixed IP address. To prevent abuse we would need this to be per application/customer/team which means it has to be paid. The alternative is having a private cloud option where you get a dedicated amount of resources and we can promise fixed IP addresses.
In the mean time there is an option to always get IP ranges from the API endpoint. This one is always up to date and therefore if you are able to automate this you should be able to make it work. I'm aware this is not a perfect solution but could work while we are going to fix this. :)
