
Whitelist IPs for pipelines in Amazon EKS

vgautam
January 6, 2024

I want to whitelist Bitbucket Pipelines so that I can run kubectl and eksctl commands from Bitbucket Pipelines without exposing my cluster to the public internet. Right now I have whitelisted these IPs but am still getting a timeout, and the connection is from a different IP.
Error I am getting:

 eksctl get iamidentitymapping --cluster xxx-Cluster---region=us-east-1
Error: getting auth ConfigMap:
Get "https://xxxxxx.gr7.us-east-1.eks.amazonaws.com/api/v1/namespaces/kube-system/configmaps/aws-auth":
dial tcp 52.203.6.213:443: i/o timeout

Whitelisted IPs from 

  • 104.192.136.0/21

  • 185.166.140.0/22

  • 18.205.93.0/25

  • 18.234.32.128/25

  • 13.52.5.0/25

Also tried adding these, but these are for outbound:
https://support.atlassian.com/bitbucket-cloud/docs/what-are-the-bitbucket-cloud-ip-addresses-i-should-use-to-configure-my-corporate-firewall/

Is there a definite IP list to add to my EKS cluster to run deployments via Bitbucket Pipelines?

1 answer

1 vote
Patrik S
Atlassian Team
January 9, 2024

Hello @vgautam and welcome to the Community!

When connecting to external services from your Bitbucket Pipelines, it's usually only required to allow public IPs listed on Valid IP addresses for Bitbucket Pipelines build environments.

However, since Pipelines infrastructure runs in AWS, if the external resource you are trying to connect/deploy to is also within the same AWS region as Pipelines, AWS will use internal private IPs (private VPC) for the connection instead of the documented pipelines Public IPs.

To solve this, you will need to whitelist in your AWS policy the Pipelines VPC IDs listed in the following article:

Thank you, @vgautam!

Patrik S
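
An added example, not part of the original thread or Atlassian's tooling: a small Python check that compares a source address observed from a build against the CIDRs listed in the question and flags the private-address case the answer describes. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# CIDR ranges the question reports having allowlisted (copied from the post).
ALLOWLISTED = [
    "104.192.136.0/21",
    "185.166.140.0/22",
    "18.205.93.0/25",
    "18.234.32.128/25",
    "13.52.5.0/25",
]

# RFC 1918 ranges, listed explicitly: ipaddress.is_private also covers
# documentation and other reserved ranges, which is too broad for this check.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_source(ip, allowlist=ALLOWLISTED):
    """Classify one source address observed from a build.

    Returns (verdict, matching_cidr_or_None) where verdict is:
      "allowed"          inside an allowlisted CIDR
      "private"          RFC 1918 address, the same-region case in the answer;
                         no public CIDR entry can ever match it
      "not-allowlisted"  public address outside every allowlisted range
    """
    addr = ipaddress.ip_address(ip.strip())
    for cidr in allowlist:
        net = ipaddress.ip_network(cidr, strict=False)
        if addr.version == net.version and addr in net:
            return "allowed", str(net)
    if addr.version == 4 and any(addr in net for net in RFC1918):
        return "private", None
    return "not-allowlisted", None


def audit(sources, allowlist=ALLOWLISTED):
    """Group observed source addresses by verdict for a quick gap report."""
    report = {"allowed": [], "private": [], "not-allowlisted": []}
    for ip in sources:
        report[classify_source(ip, allowlist)[0]].append(ip)
    return report


if __name__ == "__main__":
    # Constructed sample addresses, not taken from the thread.
    observed = ["104.192.140.7", "18.205.93.200", "10.20.3.15", "203.0.113.9"]
    for verdict, ips in audit(observed).items():
        print(f"{verdict}: {ips}")
```

A "private" or "not-allowlisted" verdict means the existing CIDR entries cannot match that source, which is consistent with the timeout reported in the question.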
