Our app connects to the user’s data warehouse. It’s very common that they have firewall rules to only allow inbound traffic from a specific IP.
The host and port of the user’s database is completely configurable, so we need flexibility. Maybe there’s a simpler way to do it?
To make things a bit trickier, we sometimes connect to databases via an SSH tunnel. So we go [ our app in render ] --SSH–> || --> [ user’s bastion host ] --TCP–> [ user’s database ]
In this workflow, we need the origin IP address for the SSH command as a firewall usually sits at ||