about bitbucket access ip addresses

Hi and welcome to the community!

We have recently updated our 1x/2x size option builds to operate from new, broader IP ranges.

If you need your pipeline builds to operate from a more limited set of IP addresses, consider using the atlassian-ip-ranges configuration available with our 4x/8x steps. These size options are only available for builds running under a paid Bitbucket Cloud plan (Standard or Premium). This setup offers better security by narrowing down the IP addresses used. You can find more information about this configuration here.

To provide some extra context on this change and the requirement for 4x/8x steps to access restricted IP's, please see the discussion re: this topic from the Pipelines community space here.

Please Note: Opting for larger step sizes (4x/8x) may impact billing. We encourage you to review the relevant documentation on step sizes here to understand these implications fully.

If the 4x/8x step sizes are not suitable for you, you can use 1x/2x and access the full list of IP addresses in AWS JSON format. This list can be filtered specifically for EC2 or S3 resources in the us-east-1 and us-west-2 regions.

Note: The IP addresses listed are managed by Amazon and are subject to change. Therefore, relying solely on IP-based firewalls for securing your infrastructure is not recommended. Instead, consider implementing secure authentication methods for any services exposed to Bitbucket Pipelines, such as using OpenID Connect (OIDC). Allowlisting the entire range of AWS IPs can potentially expose your system to risks.

Having said that, we suggest using the 4x/8x runtime option. By choosing the 4x/8x runtime, you benefit from increased performance and a more controlled network environment. This makes it an excellent choice if you want to prioritize security and efficiency in your CI/CD processes.

Please feel free to reach out if you have any questions.

Kind regards,
Theodora