403 Forbidden error inviting new member on self-hosted Retool

Hi Retool team,

I have the same issue as mentioned in another post.

The resolution is to open up AWS WAF. But after checking with our infrastructure team, opening up https://[retool on-prem domain]/api/ may be too broad and defeat the purpose of WAF.

I wonder if there are any special rules we can set up in AWS WAF to limit to those endpoints which are absolutely necessary. Is there a list?

Thanks.

Henry

Hello @Henry_Leung,

Unfortunately I do not believe we currently have a list of all endpoints from Retool that are needed to be given access for internal processes :sweat:

Do you have any more specific details on what endpoints were triggering the 403 error or any other errors that were hitting the firewall?

Check the network tab of the browser to see which requests from the frontend to the backend are failing and being met with error messages.

We sometimes see this with body size limit being exceeded from what a firewall has set. Or if there are granular rules set on the body of requests being sent, that could be another reason for the firewall blocking requests.

There is definitely a middle ground between having the AWS WAF completely opened up and the current rules which are preventing new users from being added.
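Added example, not part of the thread and not Retool's code: one way to see which WAF rules are blocking requests under `/api/`, so that exceptions can be scoped to those paths and rules instead of the whole prefix, is to tally BLOCK records from the AWS WAF logs. The log records, the URIs and the custom rule name `custom-body-filter` are constructed placeholders.

```python
import json
from collections import Counter

# Constructed sample records in the AWS WAF log layout (one JSON object per line).
# The URIs are placeholders, not real Retool endpoints.
SAMPLE_LOG = """\
{"action":"BLOCK","terminatingRuleId":"AWS-AWSManagedRulesCommonRuleSet","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":{"ruleId":"SizeRestrictions_BODY","action":"BLOCK"}}],"httpRequest":{"httpMethod":"POST","uri":"/api/example/invite"}}
{"action":"BLOCK","terminatingRuleId":"AWS-AWSManagedRulesCommonRuleSet","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":{"ruleId":"SizeRestrictions_BODY","action":"BLOCK"}}],"httpRequest":{"httpMethod":"POST","uri":"/api/example/invite"}}
{"action":"ALLOW","terminatingRuleId":"Default_Action","ruleGroupList":[],"httpRequest":{"httpMethod":"GET","uri":"/api/example/user"}}
{"action":"BLOCK","terminatingRuleId":"custom-body-filter","ruleGroupList":[],"httpRequest":{"httpMethod":"POST","uri":"/login"}}
{"action":"BLOCK","terminatingRuleId":"custom-body-filter","ruleGroupList":[],"httpRequest":{"httpMethod":"POST","uri":"/api/example/save"}}
truncated-or-non-json-line
"""

def blocking_rule(record):
    """Name the rule that ended evaluation, drilling into managed rule groups."""
    top = record.get("terminatingRuleId", "unknown")
    for group in record.get("ruleGroupList") or []:
        term = group.get("terminatingRule")
        if term:  # this group contains the rule that actually blocked
            return f"{top}:{term.get('ruleId', 'unknown')}"
    return top

def summarize_blocks(lines, prefix="/api/"):
    """Count BLOCK records under `prefix` by (method, uri, blocking rule)."""
    counts = Counter()
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or damaged lines
        req = rec.get("httpRequest") or {}
        uri = req.get("uri", "")
        if rec.get("action") != "BLOCK" or not uri.startswith(prefix):
            continue
        counts[(req.get("httpMethod"), uri, blocking_rule(rec))] += 1
    return counts

if __name__ == "__main__":
    summary = summarize_blocks(SAMPLE_LOG.splitlines())
    for (method, uri, rule), n in summary.most_common():
        print(f"{n:3d}  {method:5s} {uri}  blocked by {rule}")
```

A tally dominated by `SizeRestrictions_BODY` matches the body-size case described in the reply above, and points to an exception for that one rule on the affected paths.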