Hello! I’m working to setup the log streaming integration with a VCL Service and Kafka. I’ve followed the documentation provided (Log streaming: Kafka | Fastly Documentation) and have everything setup and data seems to be streaming (or at minimum, the Fastly producer has been able to connect and create a new topic).
That said, my current setup allows connections from any IP. I am using SASL/SCRAM, but I’d still prefer to “lock down” the allowed sources of connections, so I’m wodnering if Fastly has a list, or range, of IP addresses we can expect the Kafka log producer to connect from?
Thank you!
1 Like
Hey @shoelessone, we have a public API endpoint that lists all of Fastly’s allocated IP space ( Public IP List | Fastly Documentation or https://api.fastly.com/public-ip-list). That list is as granular as we provide, but it should do what you need.
1 Like
Another option you may want to consider is Mutual TLS - you can provide a TLS client certificate in the configuration of the logging endpoint which will be used when connections are made to Kafka, and if it has been configured to only allow connections with a valid TLS client certificate then you have a very secure connection profile.
1 Like
Thank you both for the help / feedback, This answers the question I think + bonus food-for-thought 
- thanks again!
1 Like