What outbound traffic requirements does Bamboo have for its "Elastic Bamboo" feature?

drewk October 22, 2015

Assuming we're starting with zero outbound access to the Internet, what outbound traffic requirements does Bamboo have for its "Elastic Bamboo" feature?

I assume it hits one or more AWS API endpoints. Assuming I want to restrict access based on the FQDN of these endpoints, what are they?

e.g https://foo.aws.api.com and https://bar.aws.api.com

1 answer

0 votes
Steffen Opel _Utoolity_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
October 22, 2015

The Elastic Bamboo feature hits several AWS API endpoints indeed. Here are your options:

Regions and Endpoints

AWS maintains a list of Regions and Endpoints:

To reduce data latency in your applications, most Amazon Web Services offer a regional endpoint to make your requests. An endpoint is a URL that is the entry point for a web service. For example, https://dynamodb.us-west-2.amazonaws.com is an entry point for the Amazon DynamoDB service.

  • Not all AWS services are necessarily available in all regions right away, though region coverage is typically increased over time. The endpoint naming pattern seems extremely consistent meanwhile though, thus it should be possible to deduce future regional endpoints so that you wouldn't need to extend your configuration every other week (see also Regions and Availability Zones).

Elastic Bamboo AWS Service Usage

The subset of AWS services facilitated by Elastic Bamboo could be deduced from the actions in an applicable IAM Policy for Bamboo. Unfortunately those are still not officially documented as of today though:

However, a related long standing issue has at least seen some helpful comments in this regard:

Regardless, your question is only concerned with the services themselves rather than actions on those, I think the following endpoints would still be sufficient right now regarding Elastic Bamboo itself:

AWS IP Address Ranges

AWS also maintains a list of AWS IP Address Ranges meanwhile:

Amazon Web Services (AWS) publishes its current IP address ranges in JSON format. To view the current ranges, download the .json file. To maintain history, save successive versions of the .json file on your system. To determine whether there have been changes since the last time that you saved the file, check the publication time in the current file and compare it to the publication time in the last file that you saved.

Given the enormous worldwide range of all the AWS' CIDR blocks, this is obviously not all that limiting, but better than nothing of course, esp. given AWS has terms of services against malicious usage and is capable of detecting and blocking AWS accounts that systematically violate those.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events