Please see the IP ranges documentation page to enable CircleCI jobs to go through a set of well-defined IP address ranges.
If the above feature does not meet your needs, below are some alternative methods many of our customers are using:
- Install CircleCI runners on supported platforms (https://circleci.com/docs/2.0/runner-overview)
- Use your own infrastructure for running specific jobs
- Get additional control over the environment
- Configure SSH tunneling into your private environment via a bastion/jump host. Example Configuration / Orb
- If you require, you could safelist this bastion host for your environment's firewall.
- In addition to the SSH key, you can further secure your SSH connection by limiting what commands can be run via the jump host. Example
- Configure a VPN connection to your environment on our machine executor.
- See the article "How to set up a VPN connection during builds?"
- Using your cloud provider's CLI tool, dynamically fetch the current builder's IP address and add it to a security group which has access to internal resources. At the end of the build, you'd remove that IP to prevent having leftover IPs.
- AWS-Specific Example
- To always run cleanup, use the `when: always` declaration under a run step. Documentation
- If the above solutions don't work for you, you may consider our Server solution where you can run a CircleCI installation in your own VPC and/or specify your own IP ranges.
Article is closed for comments.