GoodData Cloud Security Infrastructure
This article summarizes GoodData Cloud’s IP whitelistings, TLS security protocols and password policy.
IP Whitelisting
GoodData Cloud connects to your data source only from the following IP addresses based on the data center:
| Datacenter | IP Addresses | Provider | Region |
|---|---|---|---|
| IAD1 | 3.218.100.54/32 3.228.159.139/32 54.225.71.151/32 | AWS | us-east-1 |
| DUB1 | 18.200.100.37 18.200.42.248 99.80.14.106 | AWS | eu-west-1 |
Add the IP addresses to your firewall to enable connection between GoodData Cloud and your data source. Ensure that you add all three IP addresses for a given data center.
Supported TLS Security Protocols and Ciphers
If you are connecting to the GoodData Cloud from your tool or using our API, use the supported protocols and ciphers, or your connection will be refused during the SSL/TLS handshake.
GoodData Cloud supports TLS 1.2 and TLS 1.3.
TLS 1.2 Cipher Suites
| Priority | Suite |
|---|---|
| 1 | ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
| 2 | ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| 3 | ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
TLS 1.3 Cipher Suites
| Priority | Suite |
|---|---|
| 1 | AES_256_GCM_SHA384 |
| 2 | CHACHA20_POLY1305_SHA256 |
| 3 | AES_128_GCM_SHA256 |
Password policy
This password policy is applied only when the GoodData Cloud is handling user authentication. Password is used to log in into GoodData Cloud via UI applications only. Use bearer token in case you want to authenticate your API calls (see API Authentication).
Validated rules for passwords:
- Password has length at least 8 characters
- Password includes at least 3 of the following 4 types of characters:
- Lower-case letter,
- Upper-case letter,
- Number,
- Special character (such as !@#$%^&*).
Different rules apply in case you are using your own authentication provider.