Merge pull request #4106 from segmentio/add-new-egress-ips

Added new NAT CIDR block to allowlist instructions

Author: forstisabella

src/connections/storage/catalog/postgres/index.md

@@ -28,13 +28,13 @@ Segment supports the following Postgres database providers:
 This guide explains how to set up a Postgres database with Heroku. Heroku is a cloud-based platform-as-a-service which simplifies the process of setting up and administering a Postgres database.
 
 > info "First sync duration"
-> The initial sync between Segment and Heroku Postgres can take up to 24 hours to complete. 
+> The initial sync between Segment and Heroku Postgres can take up to 24 hours to complete.
 
 1. [Sign up](https://signup.heroku.com/identity){:target="_blank"} for a Heroku account, or [log in](https://id.heroku.com/login){:target="_blank"} to an existing account.
 
 2. On the Heroku landing page, select **New** and click **Create new app**.
 
-3. Enter a name for your app and select the region where you want to host it. If you want to add your app to a Heroku pipeline, do so here. When you've finished updating your app's settings, click **Create app**.   
+3. Enter a name for your app and select the region where you want to host it. If you want to add your app to a Heroku pipeline, do so here. When you've finished updating your app's settings, click **Create app**.
 
 4. On the Deploy page, select the Resources tab.
 
@@ -44,7 +44,7 @@ This guide explains how to set up a Postgres database with Heroku. Heroku is a c
 
 7. Open the Segment app. On the Overview page, click **Add Destination**.
 
-8. Search for and select the Postgres destination.  
+8. Search for and select the Postgres destination.
 
 9. Choose the source(s) you'd like to connect to Postgres, and click **Next**.
 
@@ -54,10 +54,10 @@ This guide explains how to set up a Postgres database with Heroku. Heroku is a c
 
 You can set up a Postgres database with Amazon Relational Database Service (RDS). RDS simplifies the process of setting up and administering a Postgres database.
 
-Follow the steps in Amazon's documentation [Creating a PostgreSQL DB instance and connecting to a database on a PostgreSQL DB instance](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_GettingStarted.CreatingConnecting.PostgreSQL.html){:target="_blank"} to create a new PostgreSQL database in RDS. For best performance, create your database in the `US West` region. 
+Follow the steps in Amazon's documentation [Creating a PostgreSQL DB instance and connecting to a database on a PostgreSQL DB instance](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_GettingStarted.CreatingConnecting.PostgreSQL.html){:target="_blank"} to create a new PostgreSQL database in RDS. For best performance, create your database in the `US West` region.
 
 > warning "Ensure your database is publicly accessible"
-> When you create your database, ensure that the **Public access** setting is set to **Yes**. Segment requires your database to be publicly accessible in order to connect to your database. 
+> When you create your database, ensure that the **Public access** setting is set to **Yes**. Segment requires your database to be publicly accessible in order to connect to your database.
 
 When you create your database, Segment recommends that you enter a **Database name** value in the **Additional options** section. This setting creates the Postgres database at instance startup.
 
@@ -71,17 +71,21 @@ To create a new inbound rule:
 
 2. Open the Databases tab.
 
-3. Select your database and open the Connectivity & security tab. Open the **Security group rules** section. 
+3. Select your database and open the Connectivity & security tab. Open the **Security group rules** section.
 
 4. Click on the existing inbound security group and select the Inbound rules tab.
 
 5. Click **Edit inbound rules** to add a new rule, and click **Add rule**.
 
 6. Add a new rule with the following parameters:
-    - Select **PostgreSQL** as the type. 
-    - For **Source**, change the custom IP to `52.25.130.38/32`. This allows Segment to connect to the instance.
-    
-    When you're finished, click **Save**.
+    - Select **PostgreSQL** as the type.
+    - For **Source**, change the custom IP to `52.25.130.38/32`.
+
+7. Add another rule with the following parameters:
+    - Select **PostgreSQL** as the type.
+    - For **Source**, change the custom IP to `34.223.203.0/28`.
+
+8. Click **Save rules**.
 
 ## Compose Postgres
 
@@ -218,7 +222,7 @@ GRANT CREATE, TEMPORARY ON DATABASE <enter database name here> TO segment;
 ## Security
 To make sure your Postgres database is secure:
 - Log in with a user that has read and write permissions so that Segment can write to your database.
-- Allowlist the Segment IP (`52.25.130.38/32`). Otherwise, Segment can't load your data.
+- Allowlist the Segment IP addresses (`52.25.130.38/32` and `34.223.203.0/28`). Otherwise, Segment can't load your data.
 - Create a service user that has `read/write` permissions.
 - Always require SSL/TLS and make sure your data warehouse can only accept secure connections. Segment only connects to your data warehouse using SSL/TLS.
 
@@ -297,4 +301,4 @@ The syncs are failing due to a permissions issue. It looks like the user connect
 
 To resolve these errors Segment recommends connecting to your warehouse using the owner account, or granting permissions to the current account you use to connect to Segment. You can correct these permissions by running the following SQL statement - Replace `user` with the account you use to connect to Segment, and run this statement for each schema in the warehouse.
 
-`GRANT CREATE ON DATABASE <database_name> TO <user>`
+`GRANT CREATE ON DATABASE <database_name> TO <user>`

src/connections/storage/catalog/redshift/images/redshift05.png

@@ -86,7 +86,7 @@ Redshift clusters are created in a VPC subnet. To configure:
 
 4. Click the Security group in the list to access its settings.
 
-5. On the Inbound tab, add or edit a rule to enable Segment to write to your Redshift port from `52.25.130.38/32`. ![inbound](images/redshift05.png)
+5. On the Inbound tab, add rules to enable Segment to write to your Redshift port from `34.223.203.0/28` and `52.25.130.38/32`. ![inbound](images/redshift05.png)
 
 6. On the Outbound tab, ensure Redshift can make outbound requests to the Segment S3 bucket. The default behavior is to allow all outbound traffic, but security groups can limit outbound behavior. ![outbound](images/redshift06.png)
 

src/connections/storage/catalog/redshift/index.md

@@ -154,9 +154,9 @@ After creating a Snowflake warehouse, the next step is to connect Segment.
 
 ## Security
 
-### Whitelisting IPs
+### Allowlisting IPs
 
-If you create a network policy with Snowflake, add the following IP address to the "Allowed IP Addresses" list: `52.25.130.38/32`
+If you create a network policy with Snowflake, add the following IP addresses to the "Allowed IP Addresses" list: `52.25.130.38/32`, `34.223.203.0/28`
 
 ### Multi-Factor Authentication (MFA) & SSO
 

src/connections/storage/catalog/snowflake/index.md

@@ -95,7 +95,7 @@ Segment recommends scripting any sort of additions of data you might have to war
 
 ## Which IPs should I allowlist?
 
-You can allowlist Segment's custom IP `52.25.130.38/32` while authorizing Segment to write in to your Redshift or Postgres port.
+You must allowlist Segment's custom IPs `52.25.130.38/32` and `34.223.203.0/28` while authorizing Segment to write in to your Redshift or Postgres port.
 
 **EU workspace regions are currently in beta.**  If you're in the EU region and participating in the public beta program, use CIDR `3.251.148.96/29`. To learn more about the public beta for EU workspace locations, contact your account manager.
 
@@ -128,48 +128,48 @@ After a source is created, you can enable or disable a warehouse sync within the
 If you enabled activity notifications for your storage destination, you'll receive notifications in the Segment app for the fifth and 20th consecutive warehouse failures.
 
 To sign up for warehouse sync notifications:
-1. Open the Segment app. 
-2. Go to **Settings** > **User Preferences**. 
+1. Open the Segment app.
+2. Go to **Settings** > **User Preferences**.
 3. In the Activity Notifications section, select **Storage Destinations**.
-4. Enable **Storage Destination Sync Failed**. 
+4. Enable **Storage Destination Sync Failed**.
 
 ## How is the data formatted in my warehouse?
 
-Data in your warehouse is formatted into **schemas**, which involve a detailed description of database elements (tables, views, indexes, synonyms, etc.) 
-and the relationships that exist between elements. Segment's schemas use the following template: <br/>`<source>.<collection>.<property>`, for example, 
+Data in your warehouse is formatted into **schemas**, which involve a detailed description of database elements (tables, views, indexes, synonyms, etc.)
+and the relationships that exist between elements. Segment's schemas use the following template: <br/>`<source>.<collection>.<property>`, for example,
 `segment_engineering.tracks.user_id`, where source refers to the source or project name (segment_engineering), collection refers to the event (tracks),
-and the property refers to the data being collected (user_id). 
+and the property refers to the data being collected (user_id).
 
 Schema data for Segment warehouses is represented in snake case.
 
 For more information about Warehouse Schemas, see the [Warehouse Schemas](/docs/connections/storage/warehouses/schema) page.
 
 ## If my syncs fail and get fixed, do I need to ask for a backfill?
 
-If your syncs fail, you do not need to reach out to Segment Support to request a backfill. Once a successful sync takes place, 
-Segment automatically loads all of the data generated since the last successful sync occurred. 
+If your syncs fail, you do not need to reach out to Segment Support to request a backfill. Once a successful sync takes place,
+Segment automatically loads all of the data generated since the last successful sync occurred.
 
 
 ## Can I change my schema names once they've been created?
 
-Segment stores the name of your schema in the **SQL Settings** page. Changing the name of your schema in the app without updating the name in your data warehouse causes a new schema to form, one that doesn't contain historical data.  
+Segment stores the name of your schema in the **SQL Settings** page. Changing the name of your schema in the app without updating the name in your data warehouse causes a new schema to form, one that doesn't contain historical data.
 
-To change the name of your schema without disruptions: 
+To change the name of your schema without disruptions:
 
-1. Open the Segment app, select **Connections** and click **Destinations**. 
+1. Open the Segment app, select **Connections** and click **Destinations**.
 2. Select the warehouse you'd like to rename the schema for from the list of destinations.
 3. On the overview page for your source, select **Settings**.
-4. Disable the **Sync Data** toggle and click **Save Settings**. 
-5. Select **Connections** and click **Sources**. 
-6. Select a source that syncs data with your warehouse from your list of sources, and select **Settings**. 
+4. Disable the **Sync Data** toggle and click **Save Settings**.
+5. Select **Connections** and click **Sources**.
+6. Select a source that syncs data with your warehouse from your list of sources, and select **Settings**.
 7. Select **SQL Settings** and update the "Schema Name" field with the new name for your schema and click **Save Changes.**
 > **Note**: This will set the schema name for all existing and future destinations.
-8. Repeat steps six and seven until you rename all sources that sync data to your warehouse. 
-9. Open the third-party host of your database, and rename the schema. 
+8. Repeat steps six and seven until you rename all sources that sync data to your warehouse.
+9. Open the third-party host of your database, and rename the schema.
 10. Open the Segment app, select **Connections** and click **Destinations**.
 11. Select the warehouse you disabled syncs for from the list of destinations.
-3. On the overview page for your source, select **Settings**.
-4. Enable the **Sync Data** toggle and click **Save Settings**. 
+12. On the overview page for your source, select **Settings**.
+13. Enable the **Sync Data** toggle and click **Save Settings**.
 
 ## Can I change the data type of a column in the warehouse?