I am trying to deploy it on the server via bitbucket. I allowed the ip addresses on https://support.atlassian.com/bitbucket-cloud/docs/what-are-the-bitbucket-cloud-ip-addresses-i-should-use-to-configure-my-corporate-firewall/. However, it comes from different ip addresses such as amazon and ali baba every time. I wonder what kind of problem could be here.
Note: It was working until August 30th. It stopped working after the last change.
Thank you for your answer. I am using the atlassian infrastructure. However, the IP addresses I mentioned above https://ip-ranges.amazonaws.com/ip-ranges.json are not available here either. Because we allowed the ip addresses here.
We are currently using the Community/Academic (tiered) plan.
pipelines:
branches:
main:
- parallel:
- step:
image: node:14.20.0-slim
name: Install and Build NPM
caches:
- node
artifacts:
- public/build/**
script:
- npm install
- npm run build
- step:
image: php:8.2-fpm
name: Install Composer and Build PHP
caches:
- composer
artifacts:
- vendor/**
script:
- apt-get update && apt-get install -y build-essential libssl-dev zlib1g-dev libpng-dev libjpeg-dev libgmp-dev libfreetype6-dev openssl gnupg libgnutls30 zip redis bash curl
# Install PHP Extensions Installer
- curl -sSLf -o /usr/local/bin/install-php-extensions https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions
- chmod +x /usr/local/bin/install-php-extensions
- install-php-extensions gd gmp zip redis-6.0.2
- step:
name: Production Deploy
deployment: production
script:
- pipe: atlassian/rsync-deploy:0.13.0
variables:
USER: '$USER'
SERVER: '$SERVER'
- pipe: atlassian/ssh-run:0.8.1
variables:
SSH_USER: '$USER'
SERVER: '$SERVER'
MODE: 'script'
COMMAND: 'deploy-scripts/deploy.sh'
Hi Ali İhsan,
You can use https://thameera.com/awsip/ to check which CIDR block a given IP belongs to and confirm if it is from Amazon Web Services. I checked the IP addresses from the screenshot of you first question and they are not AWS IPs.
Can you please add the following command in the script of your production step, before the two pipes are executed?
- curl ifconfig.me
Please note that curl needs to be installed in the Docker image you use as a build container for this step, for the curl command to get executed. You can use image: atlassian/default-image:4 for this step, as it has curl preinstalled.
What IP address do you get from this command if you run a new build?
Can you then check the requests in the same software you checked the blocked ones, around the time that the new Pipelines build runs and see what IPs are listed?
Kind regards,
Theodora
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi and welcome to the community!
Can you please confirm if the Pipelines step that does the deployment runs on Atlassian's infrastructure? If so, we migrated 1x- and 2x-size build steps to a new runtime and they now operate from new, broader IP ranges.
The IP ranges listed in the section "Atlassian IP ranges" of the documentation you shared are used only by steps of size 4x or larger that have the atlassian-ip-range flag:
This option will work only if your workspace is on the Standard or Premium plan.
In all other cases, the following applies (I am quoting from the same documentation page):
The machines that execute all steps on Atlassian Cloud Infrastructure, not just steps opted into atlassian-ip-ranges ranges, are hosted on Amazon Web Services. SSH keyscans are also performed from within this environment.
An exhaustive list of IP addresses that the traffic may come from on AWS can be found by using the following endpoint, filtering to records where the service equals EC2 or S3, and using the us-east-1 and us-west-2 regions.
So, you will need to check this list:
and filter to records where the service equals EC2 or S3, and using the us-east-1 and us-west-2 regions, and allowlist these IP ranges.
Alternatively, if you are on the Standard or Premium plan you can use a 4x step with the flag atlassian-ip-range and then you will only need to allowlist the more limited set of IPs from the "Atlassian IP ranges" section of our docs. Please keep in mind that 4x steps use four times the build minutes of 1x steps.
Please feel free to reach out if you have any questions.
Kind regards,
Theodora
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
If the IPs are changing, it could be because of new routing or updates on the server side. Try checking your firewall rules again and make sure all the new IPs are allowed. Also, review any changes made in the pipeline or server settings.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
 
 
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.