All of our Balena URLs used to resolved to IPs on the *.elb.us-east-1.amazonaws.com network. It seems that api.balena-cloud.com and delta.balena-cloud.com have both moved from being behind an elastic load balancer on AWS to CloudFlare IPs, is that expected and when did that change occur?
Hi, we have enabled the CloudFlare Proxy for the balenaCloud API on January 24, 2023 to improve the response time for users that are further from AWS US East where we host our backend. We have enabled the CloudFlare Proxy for the other services around February 1. Are you having issues related to this change?
Yes, I have a location with a firewall that uses wildcard fqdn’s (.balena-cloud.com) for the rules. The hosts that are still resolving to AWS IPs are able to traverse the firewall on 443 as expected (cloudlink.balena-cloud.com, registry2.balena-cloud.com) but those that have moved behind CloudFlare (api.balena-cloud.com, delta.balena-cloud.com) are no longer traversing the firewall since that change was made. They are resolving through DNS properly, but I’m thinking the firewall may have cached the rule to the AWS IPs for those hosts so they may need to flush DNS in order to restore API service. Because it is API we are unable to manage OS/Supervisor/& Application releases on those devices. I am going to reach out to them to have them flushdns on the firewall and see if that resolves the issue. Thank you for responding so quickly.