What outbound traffic requirements does Bamboo have for its "Elastic Bamboo" feature?

Assuming we're starting with zero outbound access to the Internet, what outbound traffic requirements does Bamboo have for its "Elastic Bamboo" feature?

I assume it hits one or more AWS API endpoints. Assuming I want to restrict access based on the FQDN of these endpoints, what are they?

e.g https://foo.aws.api.com and https://bar.aws.api.com

1 answer

0 vote

The Elastic Bamboo feature hits several AWS API endpoints indeed. Here are your options:

Regions and Endpoints

AWS maintains a list of Regions and Endpoints:

To reduce data latency in your applications, most Amazon Web Services offer a regional endpoint to make your requests. An endpoint is a URL that is the entry point for a web service. For example, https://dynamodb.us-west-2.amazonaws.com is an entry point for the Amazon DynamoDB service.

  • Not all AWS services are necessarily available in all regions right away, though region coverage is typically increased over time. The endpoint naming pattern seems extremely consistent meanwhile though, thus it should be possible to deduce future regional endpoints so that you wouldn't need to extend your configuration every other week (see also Regions and Availability Zones).

Elastic Bamboo AWS Service Usage

The subset of AWS services facilitated by Elastic Bamboo could be deduced from the actions in an applicable IAM Policy for Bamboo. Unfortunately those are still not officially documented as of today though:

However, a related long standing issue has at least seen some helpful comments in this regard:

Regardless, your question is only concerned with the services themselves rather than actions on those, I think the following endpoints would still be sufficient right now regarding Elastic Bamboo itself:

AWS IP Address Ranges

AWS also maintains a list of AWS IP Address Ranges meanwhile:

Amazon Web Services (AWS) publishes its current IP address ranges in JSON format. To view the current ranges, download the .json file. To maintain history, save successive versions of the .json file on your system. To determine whether there have been changes since the last time that you saved the file, check the publication time in the current file and compare it to the publication time in the last file that you saved.

Given the enormous worldwide range of all the AWS' CIDR blocks, this is obviously not all that limiting, but better than nothing of course, esp. given AWS has terms of services against malicious usage and is capable of detecting and blocking AWS accounts that systematically violate those.

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Renan Battaglin
Published May 18, 2017 in Bamboo

FAQ: How to Upgrade Bamboo Server

Bamboo 5.9 will no longer be supported after June 12, 2017. What does this mean? As part of our End of Life policy, Atlassian supports major versions for two years after the first major iteratio...

1,321 views 0 5
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you