I have a script that runs in Pipelines. It accesses a resource that is blocked by my load-balancers unless the request is from a known IP address. I have the lists of known Bitbucket IP addresses, so this request usually works. Today it stopped working and the IP that was reported is: `44.198.171.117`
Is this a new IP that has not made it onto the official lists? A `whois` shows that it belongs to Amazon.
That address is not in any of the lists that I have found:
G'day,
We have recently updated our 1x/2x size option builds to operate from a new, broader IP range. To access the complete list of IP addresses, you can use this endpoint to filter results specifically for EC2 resources located in us-east1 and us-west2.
Important Note: The IP addresses provided via this endpoint are managed by Amazon and are subject to change. We recommend regularly checking this endpoint and updating your firewall's IP list accordingly. Additionally, consider exploring automation options to streamline updating IPs in response to changes.
If you require your builds to run from a more limited set of IP addresses, you must use the atlassian-ip-ranges runtime configuration available on 4x/8x steps. This configuration is documented here.
Please Note: Using larger step sizes may have billing implications. Please review the related documentation on step sizes that are available here.
I hope this helps.
Regards,
Syahrul
I searched for all of the IP addresses that I and other commenters have specified on this thread. I did not find any of them listed at either of the endpoints that you mentioned:
- https://ip-ranges.atlassian.com/
- https://ip-ranges.amazonaws.com/ip-ranges.json
Hey @Jonathan Duncan
You can use https://thameera.com/awsip/ to check for the IP's subnet. It should give you the correct subnet that you can use to allowlist.
Regards,
Syahrul
Is there a proper list somewhere or an Atlassian API that can list pipeline's currently used IP subnets? Exposing our IP allowlisted resources to EVERYTHING running on AWS defeats the point of securing those resources in the first place.
Hey @Jones, Damon
We have new, updated information that I highly suggest you check at:
I hope this helps.
Regards,
Syahrul
Also confirming this - had a few users with deployment issues this morning, found the following 3 IPs being blocked as they weren't part of our Bitbucket Pipeline policy:
44.199.196.217
44.211.80.122
52.23.252.59
Hey @Zach Robert
These IP addresses are part of the broader IP range listed at AWS IP Ranges.
To verify the IP addresses you encounter and allowlist specific subnets, you can use this tool.
However, I recommend filtering for services equal to EC2 or S3 and focusing on the us-east-1 and us-west-2 regions.
Regards,
Syahrul
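An added example, not part of the original thread: one way to automate the filtering recommended above (EC2 or S3, us-east-1 and us-west-2), check a blocked address against the result, and diff it against an existing allowlist. The function names are hypothetical and the embedded sample is constructed from documentation ranges in the layout of `ip-ranges.json`; it is not real AWS data.

```python
import ipaddress
import json

# Constructed sample in the layout of ip-ranges.amazonaws.com/ip-ranges.json.
# Prefixes are RFC 5737 / RFC 3849 documentation ranges, not real AWS data.
SAMPLE = json.loads("""
{"syncToken": "0", "createDate": "1970-01-01-00-00-00",
 "prefixes": [
  {"ip_prefix": "198.51.100.0/25",   "region": "us-east-1", "service": "AMAZON"},
  {"ip_prefix": "198.51.100.0/25",   "region": "us-east-1", "service": "EC2"},
  {"ip_prefix": "198.51.100.128/25", "region": "us-east-1", "service": "EC2"},
  {"ip_prefix": "203.0.113.0/24",    "region": "us-west-2", "service": "S3"},
  {"ip_prefix": "192.0.2.0/24",      "region": "eu-west-1", "service": "EC2"}],
 "ipv6_prefixes": [
  {"ipv6_prefix": "2001:db8:1::/48", "region": "us-east-1", "service": "EC2"}]}
""")

def select_networks(doc, services=("EC2", "S3"), regions=("us-east-1", "us-west-2")):
    """Return the merged CIDRs for the given services and regions."""
    nets = set()
    for key, field in (("prefixes", "ip_prefix"), ("ipv6_prefixes", "ipv6_prefix")):
        for entry in doc.get(key, []):
            if entry["service"] in services and entry["region"] in regions:
                nets.add(ipaddress.ip_network(entry[field]))
    merged = []
    for version in (4, 6):  # collapse_addresses rejects mixed IP versions
        same = [n for n in nets if n.version == version]
        merged.extend(ipaddress.collapse_addresses(same))
    return merged

def matching_network(ip, networks):
    """Return the allowlisted CIDR that contains ip, or None if it is blocked."""
    addr = ipaddress.ip_address(ip)
    for net in networks:
        if net.version == addr.version and addr in net:
            return net
    return None

def diff_allowlist(current, networks):
    """Compare the firewall's CIDR strings with the wanted set: (to_add, to_remove)."""
    wanted = {str(n) for n in networks}
    return sorted(wanted - set(current)), sorted(set(current) - wanted)

if __name__ == "__main__":
    nets = select_networks(SAMPLE)
    print([str(n) for n in nets])
    print(matching_network("198.51.100.200", nets), matching_network("192.0.2.10", nets))
    print(diff_allowlist(["198.51.100.0/25", "192.0.2.0/24"], nets))
```

For real use, replace `SAMPLE` with the parsed contents of the downloaded `ip-ranges.json` and feed the `to_add` / `to_remove` lists to whatever manages the load-balancer rules.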
I can confirm this.
We have had rsync deployment problems since yesterday and are debugging right now. It seems there are some new undocumented IP addresses in use:
3.231.55.79
44.192.120.9
Hey @Tim Spiekermann
These IP addresses are part of the broader IP range listed at AWS IP Ranges.
To verify the IP addresses you encounter and allowlist specific subnets, you can use this tool.
However, I recommend filtering for services equal to EC2 or S3 and focusing on the us-east-1 and us-west-2 regions.
Regards,
Syahrul
Thank you,
we are using atlassian-ip-range: true and size: x4 config now and it works.
See answer here:
They are using a lot of AWS IP ranges per default now, but you can configure your x4/x8 pipeline with atlassian-ip-ranges: true.
Just tested it and it works (it does not without size: 4x)
I tried adding that to my pipeline but I'm still getting new IPs.
There is this blog post regarding the change https://bitbucket.org/blog/evolving-bitbucket-pipelines-to-unlock-faster-performance-and-larger-builds