Managing egress traffic from your app
The cloud.gov team recently announced a new feature of our platform that allows developers to control how traffic leaves their application instances.
By default, when new spaces are created in your organization an application security group (ASG) is applied that restricts access to only the internal cloud.gov network. Applications running in this ASG can respond to incoming requests, but new egress traffic to cloud.gov brokered services or to the public internet can’t be initiated from these instances.
If you have created a new space in your organization and are having trouble making external requests from it (e.g., ssh’ing to your app instance to administer an RDS instance), you may need to modify the ASG that applies to your space.