Security Cloud Control is adopting a new way of communicating with the Secure Device Connector (SDC). To facilitate this, Security Cloud Control must migrate your existing SDC to the new communication method by February 1, 2024.
Note: If your SDC is not migrated by February 1, 2024, Security Cloud Control will no longer be able to communicate with your devices through the SDC.
Security Cloud Control's operations team attempted to migrate your SDC but was unsuccessful because they experienced a connection issue. Please follow the steps below to correct the connection issue. Once this problem is resolved, we will be able to proceed with the migration.
Procedure
Step 1: Create firewall rules that allow outbound proxy connections, on port 443, to the domains in your region:
- Production tenants in the Australia region:
  - cognito-identity.ap-southeast-2.amazonaws.com
  - cognito-idp.ap-southeast-2.amazonaws.com
  - sns.ap-southeast-2.amazonaws.com
  - sqs.ap-southeast-2.amazonaws.com
- Production tenants in the India region:
  - cognito-identity.ap-south-1.amazonaws.com
  - cognito-idp.ap-south-1.amazonaws.com
  - sns.ap-south-1.amazonaws.com
  - sqs.ap-south-1.amazonaws.com
- Production tenants in the US region:
  - cognito-identity.us-west-2.amazonaws.com
  - cognito-idp.us-west-2.amazonaws.com
  - sns.us-west-2.amazonaws.com
  - sqs.us-west-2.amazonaws.com
- Production tenants in the EU region:
  - cognito-identity.eu-central-1.amazonaws.com
  - cognito-idp.eu-central-1.amazonaws.com
  - sns.eu-central-1.amazonaws.com
  - sqs.eu-central-1.amazonaws.com
- Production tenants in the APJ region:
  - cognito-identity.ap-northeast-1.amazonaws.com
  - cognito-idp.ap-northeast-1.amazonaws.com
  - sqs.ap-northeast-1.amazonaws.com
  - sns.ap-northeast-1.amazonaws.com
Step 2: You can determine the full list of IP addresses you need to add to your firewall's "allow list" by using one of the commands below.
Note: The commands below are for users that have jq installed. The IP addresses will be displayed in a single list.
- Production tenants in the US region:
  curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[] | select( (.service == "AMAZON" ) and .region == "us-west-2") | .ip_prefix'
- Production tenants in the EU region:
  curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[] | select( (.service == "AMAZON" ) and .region == "eu-central-1") | .ip_prefix'
- Production tenants in the APJ region:
  curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[] | select( (.service == "AMAZON" ) and .region == "ap-northeast-1") | .ip_prefix'
Note: If you don't have jq installed, you can use this shortened version of the command: curl -s https://ip-ranges.amazonaws.com/ip-ranges.json
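For hosts without jq, the Step 2 filter can be reproduced with Python's standard library. The script below is an added example, not part of the original Cisco procedure: it applies the same service and region selection, then merges adjacent and overlapping CIDR blocks so the allow list is shorter. It goes beyond the commands above by taking the region as a parameter; the file name sdc_ranges.py, the function name and the sample data are assumptions made for illustration.

```python
import ipaddress
import json
import sys

# Constructed sample in the ip-ranges.json layout (documentation address
# space, not real AWS ranges), so the example runs offline.
SAMPLE = json.loads("""
{"prefixes": [
  {"ip_prefix": "198.51.100.0/25",   "region": "us-west-2",    "service": "AMAZON"},
  {"ip_prefix": "198.51.100.128/25", "region": "us-west-2",    "service": "AMAZON"},
  {"ip_prefix": "198.51.100.0/25",   "region": "us-west-2",    "service": "EC2"},
  {"ip_prefix": "192.0.2.0/24",      "region": "us-west-2",    "service": "AMAZON"},
  {"ip_prefix": "192.0.2.64/26",     "region": "us-west-2",    "service": "AMAZON"},
  {"ip_prefix": "203.0.113.0/24",    "region": "eu-central-1", "service": "AMAZON"}
]}
""")


def region_prefixes(doc, region, service="AMAZON"):
    """Return the IPv4 CIDRs for one region and service, as the jq filter
    in Step 2 does, then merge adjacent and overlapping blocks so the
    allow list has as few entries as possible."""
    nets = [
        ipaddress.ip_network(p["ip_prefix"])
        for p in doc.get("prefixes", [])
        if p.get("service") == service and p.get("region") == region
    ]
    # collapse_addresses drops duplicates and contained subnets, joins
    # neighbouring blocks, and yields the result in sorted order.
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    # Usage (hypothetical file name):
    #   curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | python3 sdc_ranges.py us-west-2
    # With no region argument, the constructed sample is used instead.
    if len(sys.argv) > 1:
        doc, region = json.load(sys.stdin), sys.argv[1]
    else:
        doc, region = SAMPLE, "us-west-2"
    cidrs = region_prefixes(doc, region)
    if not cidrs:
        # An empty result usually means a mistyped region name.
        sys.exit(f"no AMAZON prefixes found for region {region!r}")
    print("\n".join(cidrs))
```

The merged list covers exactly the same addresses as the jq output, only in fewer entries. The published ranges change over time, so re-run the script when refreshing the firewall rules.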
What to do next
Contact the Cisco Technical Assistance Center (TAC) once you have completed these steps, or in case you encounter any errors. Once you have successfully completed these steps, the Security Cloud Control operations team can complete your SDC migration to the new communication method.