The IP whitelisting feature is mainly useful if you have a self-hosted git server or if you deploy/push build artifacts to something that’s hosted behind your own firewall.
If you’re unsure if you need IP whitelisting or not, keep reading. If you know you need it, jump to Setting up Whitelisting to get started.
There’s no need for whitelisting if you’re deploying to Heroku or similar cloud services, as they generally allow connections from any public IP address.
If you use AWS, Google Cloud, or Azure you shouldn’t need to use whitelisting, unless you have a VPC setup that does not allow access from public networks.
As a rule of thumb, you only need the whitelisting feature if you’re connecting to a server/service that does not have a public IP address.
Once the whitelisting feature is enabled, all traffic from Codeship (including the build machine your build is running on) will originate from one of the eight IP addresses listed further below.
This will allow you to open your firewall to allow access from just these IP addresses, instead of allowing access from the entire AWS us-east-1 network (or worse still, from any public IP address). Our whitelisting IP addresses also won’t change, at least not without sufficient notice, which makes maintenance much easier.
Note, though, that whitelisting only applies to traffic originating from Codeship. If your organization limits outgoing traffic, you won’t be able to rely on these eight IP addresses to limit outbound traffic to Codeship. Please get in touch if you’re in this situation and we’ll see what we can do to help.
The first thing to do is to enable the whitelisting feature on Codeship:
The next step is to open your firewall to the IP addresses listed below. How to do this depends on your firewall, so we’re not going to cover that here.
220.127.116.11 18.104.22.168 22.214.171.124 126.96.36.199 188.8.131.52 184.108.40.206 220.127.116.11 18.104.22.168
Generally, you should open access to these IP addresses only on the ports where you expect requests to arrive.
See the documentation for Self Hosted SCM for details on which ports to open to be able to connect to your internal SCM.
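One way to check that a firewall ruleset follows the advice above, as an added example that is not Codeship's own code: it flags allow rules whose source is wider than the whitelisted addresses or whose port range goes beyond the expected ports, and lists whitelisted addresses that no rule admits. The addresses, the port set, the rule format and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed placeholders (RFC 5737 documentation range). Replace with the
# eight addresses listed on this page.
ALLOWLIST = [ipaddress.ip_network(f"203.0.113.{n}/32") for n in range(1, 9)]
# Assumption: the internal service is reached over SSH and HTTPS only.
EXPECTED_PORTS = {22, 443}

# Constructed ingress rules: (source CIDR, first port, last port).
SAMPLE_RULES = [
    ("203.0.113.1/32", 22, 22),     # tight: one address, one port
    ("203.0.113.2/32", 0, 65535),   # right source, every port open
    ("203.0.113.0/24", 443, 443),   # whole range instead of single hosts
    ("0.0.0.0/0", 22, 22),          # any public address
    ("198.51.100.7/32", 22, 22),    # unrelated host
]


def audit_rule(source, first, last):
    """Return findings for one allow rule; an empty list means it is tight."""
    net = ipaddress.ip_network(source, strict=False)
    findings = []
    if net not in ALLOWLIST:
        if any(a.subnet_of(net) for a in ALLOWLIST):
            findings.append(f"{net} is wider than the allowlisted addresses")
        else:
            findings.append(f"{net} is not an allowlisted address")
    expected_in_range = sum(1 for p in EXPECTED_PORTS if first <= p <= last)
    extra = (last - first + 1) - expected_in_range
    if extra:
        findings.append(f"{extra} port(s) open beyond {sorted(EXPECTED_PORTS)}")
    return findings


def missing_coverage(rules):
    """Allowlisted (address, port) pairs that no rule admits."""
    missing = []
    for a in ALLOWLIST:
        for port in sorted(EXPECTED_PORTS):
            if not any(a.subnet_of(ipaddress.ip_network(src, strict=False))
                       and lo <= port <= hi for src, lo, hi in rules):
                missing.append((str(a.network_address), port))
    return missing


if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        print(rule, audit_rule(*rule) or "ok")
    print("not reachable:", missing_coverage(SAMPLE_RULES[:1]))
```

Because traffic can originate from any of the eight addresses, an empty `missing_coverage` result matters as much as an empty findings list: a rule for only some of the addresses leads to intermittent connection failures.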
We also have a couple of code examples and sample projects available.