This article is about General CodeShip Configuration.

IP Whitelisting

You will need roughly 2 minutes to read this article.

The IP whitelisting feature is only available on paid subscriptions.

The IP whitelisting feature is mainly useful if you have a self-hosted git server or if you deploy/push build artifacts to something that’s hosted behind your own firewall.

If you’re unsure if you need IP whitelisting or not, keep reading. If you know you need it, jump to Setting up Whitelisting to get started.

When to use IP Whitelisting

There’s no need for whitelisting if you’re deploying to Heroku or similar cloud services, as they generally allow connections from any public IP address.

If you use AWS, Google Cloud, or Azure you shouldn’t need to use whitelisting, unless you have a VPC setup that does not allow access from public networks.

As a rule of thumb, you only need the whitelisting feature if you’re connecting to a server/service that does not have a public IP address.

How whitelisting works

Once the whitelisting feature is enabled, all traffic from CodeShip builds will originate from one of the eight IP addresses listed further below.

This will allow you to open your firewall to allow access from just these IP addresses, instead of allowing access from the entire AWS us-east-1 network (or worse still, from any public IP address). Our whitelisting IP addresses also won’t change, at least not without sufficient notice, which makes maintenance much easier.

Note though, that whitelisting only applies to traffic originating from CodeShip builds. If your organization limits outgoing traffic, you won’t be able to rely on these eight IP addresses to limit outbound traffic to CodeShip. Please get in touch if you’re in this situation and we’ll see what we can do to help.

Setting up Whitelisting

Step 1

The first thing to do is to enable the whitelisting feature on CodeShip:

  1. Navigate to the account that needs the whitelisting feature
  2. Select “Settings” from the top navigation
  3. Check the “Whitelisting” box and save the changes

Step 2

Next step is to open your firewall to the IP addresses listed below. How to do this depends on your firewall, so we’re not going to cover that here.

Generally you should only open access to these IP addresses on the ports that you expect requests to come from.

See the documentation for Self Hosted SCM for details on which ports to open to be able to connect to your internal SCM.

Need more help?

Contact our support team or post on Stack Overflow using the tag #codeship. Did you check the status page and changelog?

There are also several code examples and sample projects available for you to get started with.

Article not helpful?

Does this article need improvement? If so, please send feedback or submit a pull request!