As per this document I've arranged the firewall rules on DigitalOcean side, in 2024. Until today my pipelines have worked successfully, but starting from today, they started to fail with connection timeouts. Are there new IP range changes?
For example the container's addresses are 35.87.35.16 and 54.188.146.234, these are two examples of failed pipelines.
Welcome to the Atlassian community!
The two IP addresses referenced are valid IP addresses belonging to the following subnets
The subnets can be found on https://ip-ranges.amazonaws.com/ip-ranges.json
You'll need to allowlist the entire list of IP subnets. You can find the full list of IP addresses specifically filtered for EC2 or S3 resources in us-east-1 and us-west-2. The following cURL command can be used to download a complete list of IP addresses into a text file.
curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[] | select((.service == "EC2") and (.region == "us-west-2" or .region == "us-east-1")).ip_prefix' | sort -n > actual_ips.txt
Understandably, it is a large number of subnets.
That said, opting for the 4x/8x runtime option will enhance performance and provide a more controlled network environment (Fixed IP address). This is advisable if you aim to prioritize security and efficiency in your CI/CD processes.
If you prefer your builds to operate from a more restricted (fixed) set of IP addresses, utilize the {{atlassian-ip-ranges}} runtime configuration, which is exclusively available with 4x/8x step sizes. This option enhances security by narrowing the IP addresses to a smaller, easier-to-manage set. More details about this configuration can be found here.
Please note: Choosing larger step sizes (4x/8x) may affect billing (you could be billed 4 to 8 times the default step size). I encourage you to review the relevant documentation on step sizes to fully understand these implications.
I hope this helps.
- Phil
This command solved our problem.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.