I want to whitelist Bitbucket Pipelines so that I can run kubectl and eksctl commands from Bitbucket Pipelines without exposing my cluster to the public internet. Right now I have whitelisted these IPs but I am still getting a timeout, and the connection is from a different IP.
Error I am getting:
eksctl get iamidentitymapping --cluster xxx-Cluster --region=us-east-1
Error: getting auth ConfigMap:
Get "https://xxxxxx.gr7.us-east-1.eks.amazonaws.com/api/v1/namespaces/kube-system/configmaps/aws-auth":
dial tcp 52.203.6.213:443: i/o timeout
Whitelisted IPs from
104.192.136.0/21
185.166.140.0/22
18.205.93.0/25
18.234.32.128/25
13.52.5.0/25
Also tried adding these, but these are for outbound:
https://support.atlassian.com/bitbucket-cloud/docs/what-are-the-bitbucket-cloud-ip-addresses-i-should-use-to-configure-my-corporate-firewall/
Is there a definite IP list to add to my EKS cluster to run deployments via Bitbucket Pipelines?
Hello @vgautam and welcome to the Community!
When connecting to external services from your Bitbucket Pipelines, it's usually only required to allow public IPs listed on Valid IP addresses for Bitbucket Pipelines build environments.
However, since Pipelines infrastructure runs in AWS, if the external resource you are trying to connect/deploy to is also within the same AWS region as Pipelines, AWS will use internal private IPs (private VPC) for the connection instead of the documented pipelines Public IPs.
To solve this, you will need to whitelist in your AWS policy the Pipelines VPC IDs listed in the following article:
Thank you, @vgautam!
Patrik S
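To see which of the cases in this thread applies to a given build, the following added example (not code from the thread or from Atlassian) checks an observed client address against the CIDR ranges the question lists as already allowlisted. It assumes you have recorded the address the pipeline step connects from; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# CIDR ranges the question says are already allowlisted on the cluster endpoint.
ALLOWLIST = [
    "104.192.136.0/21",
    "185.166.140.0/22",
    "18.205.93.0/25",
    "18.234.32.128/25",
    "13.52.5.0/25",
]


def classify_source(source_ip, allowlist=ALLOWLIST):
    """Return (verdict, matching_cidr) for one observed client address.

    verdict is one of:
      "allowed"     - covered by a CIDR in the allowlist
      "private"     - private address; a public-IP allowlist can never match it
      "not-allowed" - public address outside every allowlisted range
    """
    addr = ipaddress.ip_address(source_ip)
    for cidr in allowlist:
        # strict=True rejects entries with host bits set (a typo'd CIDR).
        net = ipaddress.ip_network(cidr, strict=True)
        if addr.version == net.version and addr in net:
            return "allowed", cidr
    if addr.is_private:
        return "private", None
    return "not-allowed", None


def audit(observed, allowlist=ALLOWLIST):
    """Classify every observed address; returns {ip: verdict}."""
    return {ip: classify_source(ip, allowlist)[0] for ip in observed}


if __name__ == "__main__":
    # Constructed sample addresses, not taken from real pipeline runs.
    samples = ["18.205.93.17", "34.199.54.113", "10.12.0.45"]
    for ip, verdict in audit(samples).items():
        print(f"{ip:15} {verdict}")
```

A "not-allowed" result means the build left from a public address missing from the allowlist, while "private" corresponds to the same-region case described in the answer, where adding more public CIDRs will not help.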