From a32a1b4cc0ffab75fb2c20516beca35c40633876 Mon Sep 17 00:00:00 2001 From: Angela Costa Date: Thu, 12 Dec 2024 15:48:14 +0000 Subject: [PATCH] DLS updates --- .../docs/data-localization/compatibility.mdx | 29 ++++++++++++------- .../metadata-boundary/get-started.mdx | 6 +++- .../regional-services/get-started.mdx | 5 +++- 3 files changed, 28 insertions(+), 12 deletions(-) diff --git a/src/content/docs/data-localization/compatibility.mdx b/src/content/docs/data-localization/compatibility.mdx index c238945185342e..9d1381ad9efb3c 100644 --- a/src/content/docs/data-localization/compatibility.mdx +++ b/src/content/docs/data-localization/compatibility.mdx @@ -42,14 +42,14 @@ The table below provides a summary of the Data Localization Suite product's beha | ---------------------------- | --------------- | ----------------- | -------------------------- | | Advanced Certificate Manager | ⚫️ | ⚫️ | ⚫️ | | Advanced DDoS Protection | ✅ | ✅ | 🚧 [^3] | -| API Shield | ✅ | ✅ | ✘ [^4] | +| API Shield | ✅ | ✅ | 🚧 [^4] | | Bot Management | ✅ | ✅ | 🚧 [^5] | -| DNS Firewall | ⚫️ | ⚫️ | 🚧 [^1] | +| DNS Firewall | ⚫️ | ⚫️ | 🚧 [^22] | | Page Shield | ✅ | ✅ | ✅ | -| Rate Limiting | ✅ | ✅ | 🚧 [^1] | +| Rate Limiting | ✅ | ✅ | ✅ [^37] | | SSL | ✅ | ✅ | ✅ | | Cloudflare for SaaS | ✘ | ✅ | ✅ | -| Turnstile | ⚫️ | ✘ | ✅ | +| Turnstile | ⚫️ | ✘ | ✅ [^38] | | WAF/L7 Firewall | ✅ | ✅ | ✅ | | DMARC Management | ⚫️ | ⚫️ | ✅ | 
@@ -60,17 +60,19 @@ The table below provides a summary of the Data Localization Suite product's beha | Product | Geo Key Manager | Regional Services | Customer Metadata Boundary | | ---------------------------- | --------------- | ----------------- | -------------------------- | | Cloudflare Images | ⚫️ | ✅ [^36] | 🚧 [^35] | -| Cloudflare Pages | ✘ | ✅ [^11] | 🚧 [^1] | +| AI Gateway | ✘ | ✘ | 🚧 [^39] | +| Cloudflare Pages | ✅ [^11] | ✅ [^11] | 🚧 [^1] | +| Cloudflare D1 | ⚫️ | ⚫️ | 🚧 [^40] | | Durable Objects | ⚫️ | ✅ [^7] | 🚧 [^1] | | Email Routing | ⚫️ | ⚫️ | ✅ | | R2 | ✅ [^27] | ✅ [^8] | ✅ [^28] | | Smart Placement | ⚫️ | ✘ | ✘ | | Stream | ⚫️ | ✘ | 🚧 [^1] | -| Workers (deployed on a Zone) | ✅ | ✅ | 🚧 [^1] | +| Workers (deployed on a Zone) | ✅ | ✅ | 🚧 [^41] | | Workers AI | ⚫️ | ✘ | ✅ | | Workers KV | ⚫️ | ✘ | ✅ [^34] | | Workers.dev | ✘ | ✘ | ✘ | - +| Workers Analytics Engine (WAE) | ⚫️ | ⚫️ | 🚧 [^1] | *** @@ -81,9 +83,10 @@ The table below provides a summary of the Data Localization Suite product's beha | Argo Smart Routing | ✅ | ✘ [^9] | ✘ [^10] | | Static IP/BYOIP | ⚫️ | ✅ [^26] | ⚫️ | | Magic Firewall | ⚫️ | ⚫️ | ✅ | +| Magic Network Monitoring | ⚫️ | ⚫️ | 🚧 [^1] | | Magic Transit | ⚫️ | ⚫️ | 🚧 [^1] | | Magic WAN | ⚫️ | ⚫️ | ✅ | -| Spectrum | ✅ | ✅ | ✅ | +| Spectrum | ✅ | ✅ [^42] | ✅ | *** 
@@ -112,7 +115,7 @@ The table below provides a summary of the Data Localization Suite product's beha [^1]: Logs / Analytics not available outside US region when using Customer Metadata Boundary. [^2]: Regular and Custom Tiered Cache works; Smart Tiered Caching not available with Regional Services. [^3]: Adaptive DDoS Protection is only supported for US CMB. -[^4]: API shield will not yet work with Customer Metadata Boundary enabled outside of US region. +[^4]: Features such as API Discovery and Volumetric Abuse Detection will not work with CMB set to EU only. [^5]: Some advanced Enterprise features, including the [Anomaly Detection engine](/bots/concepts/bot-score/#anomaly-detection), are not available. [^6]: Only when using a Custom Domain set to a region, either through Workers or [Transform Rules](/images/transform-images/serve-images-custom-paths/) within the same zone. [^7]: [Jurisdiction restrictions for Durable Objects](/durable-objects/reference/data-location/#restrict-durable-objects-to-a-jurisdiction). 
@@ -126,7 +129,7 @@ The table below provides a summary of the Data Localization Suite product's beha [^15]: Can be localized to US FedRAMP region only. More regions coming in 2024. [^16]: Customer Metadata Boundary can be used to limit data transfer outside region, but Access User Logs will not be available outside US region. [^17]: Currently may only be used with US FedRAMP region. -[^18]: Only US FedRAMP region. +[^18]: The only connectivity option is [US FedRAMP region](/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-run-parameters/#region). Regional Services only applies when using [Public Hostnames](/cloudflare-one/connections/connect-networks/routing-to-tunnel/) set to a region. [^19]: Uses Gateway HTTP and CASB. [^20]: You can [bring your own certificate](https://blog.cloudflare.com/bring-your-certificates-cloudflare-gateway/) to Gateway but these cannot yet be restricted to a specific region. [^21]: Gateway HTTP supports Regional Services. Gateway DNS does not yet support regionalization.
ICMP proxy and WARP-to-WARP proxy are not available to Regional Services users. @@ -142,3 +145,9 @@ The table below provides a summary of the Data Localization Suite product's beha [^34]: Jurisdictional Restrictions (storage) for Workers KV pairs is not supported today. [^35]: Logs / Analytics not available outside US region when using Customer Metadata Boundary. Jurisdictional Restrictions (storage) options are not supported today. [^36]: Only when using a [Custom Domain](/images/manage-images/serve-images/serve-from-custom-domains/) set to a region. +[^37]: Legacy Zone Analytics & Logs section not available outside US region when using CMB. Use [Security Analytics](/waf/analytics/security-analytics/) instead. +[^38]: [Turnstile Analytics](/turnstile/turnstile-analytics/) are available. However, there are no regionalization guarantees for the Siteverify API yet. +[^39]: Jurisdictional Restrictions (storage) options for [Logs](/ai-gateway/observability/logging/) are not supported today. +[^40]: Jurisdictional Restrictions ([data location](/d1/configuration/data-location/) / storage) options are not supported today. +[^41]: Logs / Analytics not available outside US region when using Customer Metadata Boundary. Use Logpush instead. +[^42]: Only applies to HTTP/S Spectrum applications. diff --git a/src/content/docs/data-localization/metadata-boundary/get-started.mdx b/src/content/docs/data-localization/metadata-boundary/get-started.mdx index 38474b386df308..e002d916b16c98 100644 --- a/src/content/docs/data-localization/metadata-boundary/get-started.mdx +++ b/src/content/docs/data-localization/metadata-boundary/get-started.mdx 
@@ -22,7 +22,11 @@ To configure Customer Metadata Boundary in the dashboard: ## Configure Customer Metadata Boundary via API -You can also configure Customer Metadata Boundary via API. These are some examples of API requests. +You can also configure Customer Metadata Boundary via API. + +Currently, only SuperAdmins and Admin roles can edit DLS configurations. Use the **Account-level Logs:Read/Write** API permissions for the `/logs/control/cmb` endpoint to read/write Customer Metadata Boundary configurations. + +These are some examples of API requests.
diff --git a/src/content/docs/data-localization/regional-services/get-started.mdx b/src/content/docs/data-localization/regional-services/get-started.mdx index 881492bab5edf1..d6706eb2c54f83 100644 --- a/src/content/docs/data-localization/regional-services/get-started.mdx +++ b/src/content/docs/data-localization/regional-services/get-started.mdx @@ -75,8 +75,11 @@ Refer to the table below for the complete list of available regions and their de ## Configure Regional Services via API -You can also use Regional Services via API. These are some examples of API requests. +You can also use Regional Services via API. +Currently, only SuperAdmins and Admin roles can edit DLS configurations. Use the Zone-level **DNS: Read/Write** API permission for the `/addressing/` endpoint to read or write Regional Services configurations. + +These are some examples of API requests.
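Review bot: In `compatibility.mdx`, hunk `@@ -42,14 +42,14 @@`, the Rate Limiting and Turnstile cells in the Customer Metadata Boundary column are marked ✅ even though their new footnotes describe a limit: [^37] says the legacy Zone Analytics & Logs section is not available outside the US region, and [^38] says there are no regionalization guarantees for the Siteverify API yet. The Workers (deployed on a Zone) row carries a similar logs limit with a workaround in [^41] and is marked 🚧. Someone reading the table to make a data-residency decision will take ✅ as full support, so either use 🚧 on these two rows or state in the footnote why the limit does not affect the boundary. DNS Firewall now points at [^22], whose definition is not part of this patch; please confirm it exists and says what this row needs.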
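Review bot: In `compatibility.mdx`, hunk `@@ -60,17 +60,19 @@`, the Cloudflare Pages row changes Geo Key Manager from ✘ to `✅ [^11]`, reusing the footnote that was already attached to the Regional Services cell. The definition of [^11] is not touched by this patch, so please check that its wording also holds for Geo Key Manager, or add a separate footnote. Two smaller points in the same hunk: the Workers Analytics Engine (WAE) row is added after Workers.dev rather than next to the other Workers rows, and it takes the place of the blank line that followed the table, so check that the table is still separated from the `***` that comes after it.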
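Review bot: In `compatibility.mdx`, hunk `@@ -112,7 +115,7 @@`, the new [^4] text ("Features such as API Discovery and Volumetric Abuse Detection will not work with CMB set to EU only") is open-ended: "such as" leaves the reader unable to tell which other API Shield features are affected. Suggest listing the affected features in full, or linking to a page that does. The phrase "CMB set to EU only" also differs from the neighbouring footnotes, which say "outside US region"; if the limit applies to every non-US setting, use the same wording, and if it is specific to the EU, say so.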
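Review bot: In `compatibility.mdx`, hunk `@@ -126,7 +129,7 @@`, the context line [^15] still reads "More regions coming in 2024" directly above the edited [^18], and this patch is dated 12 Dec 2024. Since the surrounding FedRAMP footnotes are being revised here, suggest updating or dropping that sentence in the same change. In the new [^18], the two sentences cover different things (tunnel connectivity region, then when Regional Services applies); a short connective such as "For Regional Services, ..." would make clear that the second sentence is not a restatement of the first.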
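Review bot: In `compatibility.mdx`, hunk `@@ -142,3 +145,9 @@`, the new [^41] ends with "Use Logpush instead." without a link, while [^37] in the same hunk links its alternative (Security Analytics). Suggest linking the Logpush documentation so the workaround is actionable. [^41] also repeats the first sentence of [^1] and [^35] verbatim, and [^37] abbreviates "CMB" where [^41] spells out "Customer Metadata Boundary"; pick one form across the new footnotes.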
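Review bot: In `metadata-boundary/get-started.mdx`, hunk `@@ -22,7 +22,11 @@`, the added sentence groups the permission as "**Account-level Logs:Read/Write**" for "read/write" access to `/logs/control/cmb` and does not say whether a read-only token is enough to read the configuration. Readers creating API tokens will tend to grant both, so please state separately which permission is needed to read and which to write, so tokens can be scoped to the minimum. "SuperAdmins and Admin roles" would also read better as role names in the form the dashboard uses, and "DLS" is not expanded anywhere in the visible lines of this page.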
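Review bot: In `regional-services/get-started.mdx`, hunk `@@ -75,8 +75,11 @@`, there is no blank line between "You can also use Regional Services via API." and the added "Currently, only SuperAdmins and Admin roles ..." line, so the two render as one paragraph; the matching hunk in `metadata-boundary/get-started.mdx` adds a blank line there. The permission is also formatted differently between the two files: here the scope sits outside the bold and there is a space after the colon ("Zone-level **DNS: Read/Write**"), there it is "**Account-level Logs:Read/Write**", and the text alternates between "read or write" and "read/write". Suggest one format for both. As in the other file, it would help to say whether the Read permission alone is sufficient for reading the `/addressing/` configuration.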