This guide will walk you through the necessary steps to start using your JFrog Platform Cloud. Before we begin, please note that there are several prerequisite steps that need to be completed to ensure a smooth and seamless experience. Let's get started!
Step 1: Verify outgoing traffic from the JFrog Platform Cloud to Your Organization is allowed
To enable communication between the JFrog Platform Cloud and your organization, you need to:
- Allow the JFrog Platform Cloud's NAT IPs on your organization's network. This is essential for establishing egress traffic and ensuring that data flows smoothly between the JFrog Platform Cloud and your organization.
For more information, see: What Are Artifactory Cloud NATed IPs?
Step 2: Validate Direct Cloud Storage Download Capability
For JFrog Platform Cloud deployed on AWS or GCP Cloud Providers, it is crucial to allow incoming traffic from the Cloud Providers' Storage.
Here's what you need to know:
- JFrog Platform Cloud is configured by default with Direct Download, which redirects download requests to Cloud Storage. This optimizes performance and supports scaling.
- Ensure that all workloads and clients across your organization download traffic directly from AWS S3 Bucket or Google Cloud Storage.
- Ensure that all clients and workloads in your organization support redirection with a 302 Status Code. This is typically supported by most modern clients.
For more information, see:
AWS: AWS IP Address Range
Add AWS URL’s to your organization’s allowlist
GCP: GCP IP Address Ranges
Add ‘storage.googleapis.com’ to your organization's allowlist of URLs.
For JFrog Platform Cloud deployments on Azure Cloud Provider, this step is not required at this point.
Step 3: Secure Your Instance with IP CIDR Allow List (Optional)
By default, JFrog Platform Cloud is accessible from the public internet. For enhanced security, it’s highly recommended to limit access according to the IPs used by your organization's clients and workloads.
To secure your instance:
- Configure IP CIDR allow lists using the MyJFrog Portal.
- Implement access restrictions to ensure only authorized IPs can reach the platform.
For more information, see: Configure the IP / CIDR Allowlist
Optional Steps for Enhanced Capabilities
Step 4: Configure CNAME (Optional)
You have the option to configure a CNAME for your JFrog Platform Cloud instance.
A CNAME (Canonical Name) is a DNS record that allows you to use a custom domain name to point to your Artifactory instance, making it easier to access and share. The benefits of this configuration include enhanced branding for your services and an improved user experience, as it provides a recognizable URL and facilitates seamless integration with other tools in your development ecosystem.
For more information, see: Manage Custom Domain Names
Step 5: Establish Private Link (Optional)
To further secure your platform, you can establish a Private Link.
JFrog's Private Link feature enables customers to establish a secure, private network connection between their infrastructure and their JFrog Cloud JPD. This is achieved by leveraging a secure tunnel, ensuring that traffic flows directly and privately.
For more information, see: Manage PrivateLink Connection
By completing these steps, you will ensure that your JFrog Platform Cloud instance is set up securely and efficiently, ready to support your organization's needs.