IP Address Ranges for Safelisting/Do You Have Static IP Addresses Available?

Initial Troubleshooting

Please see the IP ranges documentation page to enable CircleCI jobs to go through a set of well-defined IP address ranges. IP ranges let you limit inbound connections to your infrastructure to IP address ranges that are verifiably associated with CircleCI.

If the above feature does not meet your needs, below are some alternative methods many of our customers are using:

CircleCI Runner

Server Product

    • If the above solutions don't work for you, you may consider our Server solution where you can run a CircleCI installation in your own VPC and/or specify your own IP ranges.


Workarounds that are not officially supported but have been used by others for safelisting IP address ranges


Bastion Host

    • Configure SSH tunneling into your private environment via a bastion/jump host. Example Configuration / Orb
    • If you require, you could safelist this bastion host for your environment's firewall.
    • In addition to the SSH key, you can further secure your SSH connection by limiting what commands can be run via the jump host. Example


Dynamic Safelisting

    • Using your cloud provider's CLI tool, dynamically fetch the current builder's IP address and add it to a security group which has access to internal resources. At the end of the build, you'd remove that IP to prevent having leftover IPs.
    • AWS-Specific Example
    • To always run cleanup, use the `when: always` declaration under a run step. Documentation

Was this article helpful?
39 out of 90 found this helpful



Article is closed for comments.