IP Allow List for builds | Feature Requests

IP Allow List for builds

complete

Rishi Kumar

Customers are requesting an ability to see the exact list of IPs that CircleCI webhooks and SSH connections come from.

CCI-I-35

November 13, 2017

win01

@Granny Game I completely agree with this request – in a professional CI/CD environment, security is always a top priority. Knowing the exact IP range that webhooks and SSH connections use not only helps control access better but also helps configure the firewall correctly, minimizing the risk of external attacks. I hope CircleCI will soon deploy it to meet this practical need from the community.

Sebastian Lerner

Hello! A final update, we officially made this feature generally available on January 28, 2022: https://circleci.com/blog/ip-ranges-better-security/.
We've heard from customers during the feature's preview that two similar pieces of functionality would be valuable:
IP ranges for Machine jobs: https://circleci.canny.io/cloud-feature-requests/p/ip-ranges-for-machine-jobs
Dedicated IP ranges: https://circleci.canny.io/cloud-feature-requests/p/dedicated-ip-ranges
Please upvote and/or leave comments in the two new feature requests if you would find them useful.  They are currently being evaluated and I'll share more info in the respective Canny requests when I have it. Thanks all!

Sebastian Lerner

marked this post as

complete

Hi all! We’re excited to announce that we’ve added a new feature, IP ranges, to address this request.  The feature is now live for Cloud customers on a paid pricing plan.  Pricing will be calculated based on network data usage of jobs that have opted in to using the IP ranges feature.  There is no charge while the feature is in preview.  Pricing details will be shared soon and will take effect when the feature is generally available.
IP ranges is currently exclusively available for Docker jobs, not including remote_docker. For more information on getting started, see the IP ranges documentation page:
https://circleci.com/docs/2.0/ip-ranges/
Feel free to send feedback during the open preview in the new “IP Ranges (open preview)” category on our Cloud Canny board:
https://ideas.circleci.com/cloud-feature-requests

bryan.hunt@erlang-solutions.com

Sebastian Lerner: Nice, we dumped github actions for this reason. Needed to deploy to Kubernetes API server from CI job and didn't want to expose to the world. Github actions could only tell us the IP would be a random IP from an Azure datacentre. Big range, too big, so we ditched and left them.

Alex Liang

Would love static IPs to whitelist for our automatic testing

Ahmadali bagheri

angelo.mao@robotemi.com

I want this features definitely

Enes ER

Hmm🤔, will this comment be useful ?

christina.schelin@mindbodyonline.com

(Commenting for tracking.)

Alexey

Hi all, I’ve been reaching out to some of you who have voted on this idea to get feedback on a few approaches we’re considering for IP allow listing.
If you have feedback that you want to make sure we incorporate while building this feature, please email me at alexey (at) circleci.com or just respond in this comment’s thread, and I’ll set up some time for a quick call.
Thanks!

Daniel 'f0o' Preussker

This is now Top 3 wanted feature - Is there any news regarding it?

→