Skip to main content

Overview of DAS Envoy System

The Styra DAS Envoy system type helps you manage the ingress and egress network traffic permitted within your Envoy-based proxy. For example, permit egress traffic only to a predefined collection of endpoints to minimize the risk of data exfiltration or implement microservice API authorization.

Figure 1 - Envoy Architecture for Ingress trafficFigure 1 - Envoy Architecture for Ingress traffic

Figure 2 - Envoy Architecture for Egress trafficFigure 2 - Envoy Architecture for Egress traffic

For more information on how Envoy’s external authorization filter can be used with OPA as an authorization service to enforce security policies over API requests received by Envoy, see the Envoy tutorial.