What outbound traffic requirements does Bamboo have for its "Elastic Bamboo" feature?

Assuming we're starting with zero outbound access to the Internet, what outbound traffic requirements does Bamboo have for its "Elastic Bamboo" feature?

I assume it hits one or more AWS API endpoints. Assuming I want to restrict access based on the FQDN of these endpoints, what are they?

e.g. https://foo.aws.api.com and https://bar.aws.api.com

1 answer

0 votes

The Elastic Bamboo feature hits several AWS API endpoints indeed. Here are your options:

Regions and Endpoints

AWS maintains a list of Regions and Endpoints:

To reduce data latency in your applications, most Amazon Web Services offer a regional endpoint to make your requests. An endpoint is a URL that is the entry point for a web service. For example, https://dynamodb.us-west-2.amazonaws.com is an entry point for the Amazon DynamoDB service.

  • Not all AWS services are necessarily available in all regions right away, though region coverage is typically increased over time. The endpoint naming pattern seems extremely consistent meanwhile though, thus it should be possible to deduce future regional endpoints so that you wouldn't need to extend your configuration every other week (see also Regions and Availability Zones).

Elastic Bamboo AWS Service Usage

The subset of AWS services facilitated by Elastic Bamboo could be deduced from the actions in an applicable IAM Policy for Bamboo. Unfortunately those are still not officially documented as of today though:

However, a related long standing issue has at least seen some helpful comments in this regard:

Regardless, your question is only concerned with the services themselves rather than actions on those, I think the following endpoints would still be sufficient right now regarding Elastic Bamboo itself:

AWS IP Address Ranges

AWS also maintains a list of AWS IP Address Ranges meanwhile:

Amazon Web Services (AWS) publishes its current IP address ranges in JSON format. To view the current ranges, download the .json file. To maintain history, save successive versions of the .json file on your system. To determine whether there have been changes since the last time that you saved the file, check the publication time in the current file and compare it to the publication time in the last file that you saved.

Given the enormous worldwide range of all of AWS's CIDR blocks, this is obviously not all that limiting, but better than nothing of course, esp. given AWS has terms of service against malicious usage and is capable of detecting and blocking AWS accounts that systematically violate those.
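Added example, not part of the answer above or of Bamboo or AWS code: one way to turn the published ranges file into a narrower egress allowlist and to apply the publication-time check the quoted AWS text describes. The region `us-east-1`, the service code `EC2` and the two embedded documents are assumptions constructed for illustration, using documentation address ranges rather than real AWS prefixes.

```python
import ipaddress
import json
from datetime import datetime, timezone

# Constructed samples in the layout of AWS's ip-ranges.json; the addresses are
# documentation ranges, not real AWS prefixes.
PREVIOUS = json.loads("""{"syncToken": "1", "createDate": "2024-01-10-08-00-00",
 "prefixes": [
  {"ip_prefix": "198.51.100.0/25", "region": "us-east-1", "service": "EC2"}],
 "ipv6_prefixes": []}""")
CURRENT = json.loads("""{"syncToken": "2", "createDate": "2024-02-01-17-30-00",
 "prefixes": [
  {"ip_prefix": "198.51.100.0/25", "region": "us-east-1", "service": "EC2"},
  {"ip_prefix": "198.51.100.128/25", "region": "us-east-1", "service": "EC2"},
  {"ip_prefix": "203.0.113.0/24", "region": "us-east-1", "service": "S3"},
  {"ip_prefix": "192.0.2.0/24", "region": "eu-west-1", "service": "EC2"}],
 "ipv6_prefixes": [
  {"ipv6_prefix": "2001:db8::/48", "region": "us-east-1", "service": "EC2"}]}""")


def published(doc):
    """Publication time of a ranges file (createDate is UTC, YYYY-MM-DD-hh-mm-ss)."""
    stamp = datetime.strptime(doc["createDate"], "%Y-%m-%d-%H-%M-%S")
    return stamp.replace(tzinfo=timezone.utc)


def is_newer(saved, fetched):
    """True when the fetched file was published after the last saved one."""
    return published(fetched) > published(saved)


def egress_cidrs(doc, region, services):
    """Collapsed CIDR strings for the given region and service codes."""
    nets = {4: [], 6: []}
    for key, field in (("prefixes", "ip_prefix"), ("ipv6_prefixes", "ipv6_prefix")):
        for entry in doc.get(key, []):
            if entry["region"] == region and entry["service"] in services:
                net = ipaddress.ip_network(entry[field])
                nets[net.version].append(net)
    # collapse_addresses merges adjacent blocks; it needs one IP version per call.
    return [str(n) for v in (4, 6) for n in ipaddress.collapse_addresses(nets[v])]


def allowlist_delta(saved, fetched, region, services):
    """(added, removed) CIDRs; both empty when nothing newer was published."""
    if not is_newer(saved, fetched):
        return [], []
    old = set(egress_cidrs(saved, region, services))
    new = set(egress_cidrs(fetched, region, services))
    return sorted(new - old), sorted(old - new)
```

Filtering by region and service before collapsing keeps the firewall rule set small, and the delta shows exactly which rules a new publication would add or retire.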
