JFrog Platform Cloud provides the full end-to-end JFrog solution for secure software development and distribution in a fully managed, scalable service.
There are several prerequisite steps that must be completed to ensure a smooth and seamless experience.
Allow Outgoing Traffic from the JFrog Platform Cloud to Your Organization
To enable communication between the JFrog Platform Cloud and your organization, you must allow the JFrog Platform Cloud's NAT IPs on your organization's network. This is establishes egress traffic and ensures smooth data flow between the JFrog Platform Cloud and your organization.
For more information, see: What Are Artifactory Cloud NATed IPs?
Verify Support for Direct Cloud Storage Download
By default, JFrog Platform Cloud uses Direct Cloud Storage Download to serve artifacts. When a client requests an artifact, Artifactory responds with a redirect to the URL of the artifact in cloud storage. The client downloads the binary directly from cloud storage.
Direct Cloud Storage Download eliminates Artifactory as a middleman in downloads. This optimizes performance and supports scaling.
For a JFrog Platform Cloud deployed on AWS or GCP clouds, you must allow incoming traffic from the cloud providers' storage, as follows:
Ensure that all workloads and clients across your organization can download traffic directly from AWS S3 Bucket or Google Cloud Storage.
Ensure that all clients and workloads in your organization support redirection with a 302 Status Code. This is typically supported by most modern clients.
For more information, see What URLs/IPs Should I Add to an Allowlist for Direct Cloud Storage Download.
Refer to the following information from your cloud vendor:
For JFrog Platform Cloud deployments deployed on the Azure cloud, currently no special configuration is required.
Secure Access with an IP CIDR Allow List
By default, JFrog Platform Cloud is accessible from the public internet. For enhanced security, we strongly recommended that you limit access to the IPs used by your organization's clients and workloads.
To secure your instance:
Configure IP CIDR allow lists using the MyJFrog Portal.
Implement access restrictions so that only authorized IPs can reach the platform.
For more information, see Configure the IP/CIDR Allowlist in MyJFrog .
Enable Log Collection
By default, cloud logs are not retained. We strongly recommend that you enable automated log collection for sites in your subscription as soon as possible. Set up log collection using one of these methods:
JFrog Cloud Log Collection saves logs to a dedicated Artifactory system repository. This feature is enabled by an API to each SaaS JPD site in your subscription.
JFrog Cloud Streaming (available with JFrog Cloud Enterprise+ subscription only) is a near-real-time log streaming service that allows customers to stream eligible logs from their JFrog Cloud instance to third-party cloud-based log analytics platforms.
Optional Enhanced Capabilities
These steps describe optional features you can implement in your subscription during setup.
Configure a CNAME for your JFrog Platform Cloud Instance (Optional)
A CNAME (Canonical Name) is a DNS record that acts as an alias. You can define a custom domain name in the MyJFrog Portal that points to your Artifactory instance, making it easier to access and share. A recognizable URL enhances usability and service branding, and facilitates seamless integration with other tools in your development ecosystem.
For more information, see Create a New Custom Domain Name in MyJFrog.
Establish Private Connectivity (Optional)
JFrog can use Virtual Private Cloud (VPC) technology to communicate through a secure tunnel, without exposing your traffic to the public internet. JFrog supports AWS PrivateLink, GCP Private Service Connect, and Azure Private Link. Configure VPC using the MyJFrog Portal.
For more information, see Manage PrivateLink Connections in MyJFrog.
Ready to Onboard!
After you complete these basic setup procedures, your JFrog Platform can now be rolled out to your users:
Define projects and assign resources and user permissions to each project. Assign users to projects.
Grant access to relevant team leaders in Your Organization (Development, Security, DevOps, and DevSecOps)
If your subscription is geographically disperse, define your topology with the servers available in your subscription.
Create repositories and map them to internal and external resources.
Define security behaviors: configure Xray SCA scans, watches, and policies and JFrog Advanced Security SAST scans, contextual analysis, and advanced policies.