Merge pull request #7158 from segmentio/DOC-1002

fixed warehouse allowlist warning note

Author: stayseesong

src/connections/storage/catalog/azuresqldw/index.md

@@ -4,14 +4,12 @@ rewrite: true
 redirect_from:
   - '/connections/warehouses/catalog/azuresqldw/'
 ---
-{% include content/warehouse-ip.html %}
-
 
 Azure's [Azure Synapse Analytics](https://azure.microsoft.com/en-us/services/synapse-analytics/){:target="_blank"}, previously known as Azure SQL Data Warehouse, is a limitless analytics service that brings together enterprise data warehousing and Big Data analytics.
 
 {% include content/storage-do-include.md %}
 
-## Getting Started
+## Getting started
 
 Complete the following prerequisites in Microsoft Azure before connecting your Azure Synapse Analytics databases to Segment:
 
@@ -87,6 +85,14 @@ The default [resource allocation class](https://docs.microsoft.com/en-us/azure/s
 
 Users with a Business Tier plan can enable Selective Sync for their Azure Synapse Analytics destination. With Selective Sync, you can customize which collections and properties from a source are sent to each warehouse, which leads to faster, more relevant syncs. To learn more about Selective Sync, review the [Warehouse Syncs](/docs/connections/storage/warehouses/warehouse-syncs/#warehouse-selective-sync) documentation.
 
+### Allowlisting IPs
+
+Segment recommends enabling IP allowlists for added security. All Segment users with workspaces hosted in the US who use allowlists in their warehouses must update those allowlists to include the following ranges:
+* `52.25.130.38/32`
+* `34.223.203.0/28`
+
+Users with workspaces in the EU must allowlist `3.251.148.96/29`.
+
 ## Troubleshooting
 
 ### Segment is not able to connect to Azure Synapse Analytics

src/connections/storage/catalog/bigquery/index.md

@@ -4,7 +4,6 @@ rewrite: true
 redirect_from:
   - '/connections/warehouses/catalog/bigquery/'
 ---
-{% include content/warehouse-ip.html %}
 
 Segment's [BigQuery](https://cloud.google.com/bigquery/){:target="_blank"} connector makes it easy
 to load web, mobile, and third-party source data like Salesforce, Zendesk, and
@@ -138,6 +137,13 @@ To remove access to the shared Service Account:
 
 For more information about managing IAM access, refer to Google's documentation, [Manage access to projects, folders, and organization](https://cloud.google.com/iam/docs/granting-changing-revoking-access){:target="_blank"}.
 
+### Allowlisting IPs
+
+Segment recommends enabling IP allowlists for added security. All Segment users with workspaces hosted in the US who use allowlists in their warehouses must update those allowlists to include the following ranges:
+* `52.25.130.38/32`
+* `34.223.203.0/28`
+
+Users with workspaces in the EU must allowlist `3.251.148.96/29`.
 
 ## Best Practices
 

src/connections/storage/catalog/databricks/index.md

@@ -3,7 +3,6 @@ title: Databricks Destination
 public: true
 
 ---
-{% include content/warehouse-ip.html %}
 
 With the Databricks Destination, you can ingest event data directly from Segment into your Databricks Lakehouse.
 
@@ -87,7 +86,14 @@ Segment uses the service principal to access your Databricks workspace and assoc
 1. Follow the [Databricks guide for adding a service principal to your account](https://docs.databricks.com/en/administration-guide/users-groups/service-principals.html#manage-service-principals-in-your-account){:target="_blank"}. This name can be anything, but Segment recommends something that identifies the purpose (for example, "Segment Storage Destinations"). Note the principal application ID that Databricks generates to use in this step. Segment doesn't require Account admin or Marketplace admin roles.
 2. Follow the [Databricks instructions to generate an OAuth secret](https://docs.databricks.com/en/dev-tools/authentication-oauth.html#step-2-create-an-oauth-secret-for-a-service-principal){:target="_blank"}. Note the secret generated by Databricks to use in this step. Once you navigate away from this page, the secret is no longer visible. If you lose or forget the secret, delete the existing secret and create a new one. 
 
-
 Once connected, you'll see a confirmation screen with next steps and more info on using your warehouse.
 
-{% include content/storage-do-include.md %}
+{% include content/storage-do-include.md %}
+
+## Security
+
+Segment recommends enabling IP allowlists for added security. All Segment users with workspaces hosted in the US who use allowlists in their warehouses must update those allowlists to include the following ranges:
+* `52.25.130.38/32`
+* `34.223.203.0/28`
+
+Users with workspaces in the EU must allowlist `3.251.148.96/29`.

src/connections/storage/catalog/db2/index.md

@@ -4,7 +4,6 @@ rewrite: true
 redirect_from:
   - '/connections/warehouses/catalog/db2/'
 ---
-{% include content/warehouse-ip.html %}
 
 Use [IBM Db2](https://www.ibm.com/analytics/us/en/db2/){:target="_blank"} with Segment to get
 all of your event and Cloud Source data in a warehouse built by IBM. This
@@ -64,7 +63,11 @@ To set up an IBM Db2 destination in the Segment app:
 
 ### Allowlisting IPs
 
-If your Db2 Warehouse is in a private network, be sure to [allowlist Segment's IP address](/docs/connections/storage/warehouses/faq/#which-ips-should-i-allowlist) when creating the Db2 user Segment assumes. Otherwise, Segment won't be able to load your data.
+Segment recommends enabling IP allowlists for added security. All Segment users with workspaces hosted in the US who use allowlists in their warehouses must update those allowlists to include the following ranges:
+* `52.25.130.38/32`
+* `34.223.203.0/28`
+
+Users with workspaces in the EU must allowlist `3.251.148.96/29`.
 
 ### Unique User
 

src/connections/storage/catalog/postgres/index.md

@@ -4,8 +4,6 @@ rewite: true
 redirect_from:
   - '/connections/warehouses/catalog/postgres/'
 ---
-{% include content/warehouse-ip.html %}
-
 
 PostgreSQL, or Postgres, is an object-relational database management system (ORDBMS) with an emphasis on extensibility and standards compliance. As a database server, its primary functions are to store data securely and return that data in response to requests from other software applications.
 
@@ -104,6 +102,14 @@ To make sure your Postgres database is secure:
 - Create a service user that has `read/write` permissions.
 - Always require SSL/TLS and make sure your data warehouse can only accept secure connections. Segment only connects to your data warehouse using SSL/TLS.
 
+### Allowlisting IPs
+
+Segment recommends enabling IP allowlists for added security. All Segment users with workspaces hosted in the US who use allowlists in their warehouses must update those allowlists to include the following ranges:
+* `52.25.130.38/32`
+* `34.223.203.0/28`
+
+Users with workspaces in the EU must allowlist `3.251.148.96/29`.
+
 ## Best Practices
 
 Once you've got your data in Postgres, you can do even more with it. You might develop an app that performs various functions based on different events being loaded to the database, potentially using [RabbitMQ](https://www.compose.io/articles/going-from-postgresql-rows-to-rabbitmq-messages/){:target="_blank"} as your asynchronous message broker. For example, you might want a banner to appear once your 1000th customer has signed up. The data is at your fingertips; you just need to decide how to use it.

src/connections/storage/catalog/redshift/index.md

@@ -4,7 +4,6 @@ rewrite: true
 redirect_from:
   - '/connections/warehouses/catalog/redshift/'
 ---
-{% include content/warehouse-ip.html %}
 
 This guide explains the process to provision a Redshift cluster and allow the Segment warehouse connector to write to it.
 
@@ -75,6 +74,14 @@ VPCs keep servers inaccessible to traffic from the internet. With VPC, you're ab
 ### SSL/TLS
 Always require SSL/TLS and make sure your data warehouse accepts only secure connections. Segment only connects to your data warehouse using SSL/TLS.
 
+### Allowlisting IPs
+
+Segment recommends enabling IP allowlists for added security. All Segment users with workspaces hosted in the US who use allowlists in their warehouses must update those allowlists to include the following ranges:
+* `52.25.130.38/32`
+* `34.223.203.0/28`
+
+Users with workspaces in the EU must allowlist `3.251.148.96/29`.
+
 ## Best practices
 
 ### Networking

src/connections/storage/catalog/snowflake/index.md

@@ -5,8 +5,6 @@ redirect_from:
   - '/connections/warehouses/catalog/snowflake/'
 ---
 
-{% include content/warehouse-ip.html %}
-
 [Snowflake](https://docs.snowflake.net/manuals/index.html){:target="_blank"} is a data warehouse, built for the cloud, that delivers performance, simplicity, concurrency and affordability.
 
 > info ""

src/connections/storage/warehouses/faq.md

@@ -114,12 +114,11 @@ Segment recommends scripting any sort of additions of data you might have to war
 
 ## Which IPs should I allowlist?
 
-{% include content/warehouse-ip.html %}
+Segment recommends enabling IP allowlists for added security. All Segment users with workspaces hosted in the US who use allowlists in their warehouses must update those allowlists to include the following ranges:
+* `52.25.130.38/32`
+* `34.223.203.0/28`
 
-You must allowlist Segment's custom IPs `52.25.130.38/32` and `34.223.203.0/28` while authorizing Segment to write in to your warehouse port. Currently, Redshift and Postgres are the only connectors that require you to configure an IP upon setup. Segment recommends enabling IP allowlists for added security.
-
-
-If you're in the EU region, use CIDR `3.251.148.96/29`. To learn more about EU workspace locations, contact your account manager.
+Users with workspaces in the EU must allowlist `3.251.148.96/29`.
 
 
 ## Will Segment sync my historical data?