Skip to main content
U.S. flag

An official website of the United States government

Managing egress traffic from your app

December 16, 2021

The cloud.gov team recently announced a new feature of our platform that allows developers to control how traffic leaves their application instances.

By default, when new spaces are created in your organization an application security group (ASG) is applied that restricts access to only the internal cloud.gov network. Applications running in this ASG can respond to incoming requests, but new egress traffic to cloud.gov brokered services or to the public internet can’t be initiated from these instances.

If you have created a new space in your organization and are having trouble making external requests from it (e.g., ssh’ing to your app instance to administer an RDS instance), you may need to modify the ASG that applies to your space.

You can read the documentation on controlling space egress here, and you can modify the ASGs that apply to your space by opening a support ticket.