Platform IPs Accessing Customer Instances

Note: This article is targeted at BYOC customers who manage their own AWS account. Customers with Engine Yard provided AWS accounts should contact support regarding firewall changes.

Various Engine Yard Cloud platform instances require access to customer instances in order to perform platform operations such as configuration runs and deploys and to allow the Support Team to investigate issues (SSH), and to allow the instance Performance Graphs to display (HTTP-Alt).

By default, this access is granted because the Environment Security Group firewalls are open to the wider Internet on the required ports. If firewall restrictions are tightened, however, the following IP addresses must still be granted access for the platform to continue functioning.

The current IP addresses (as of 7th September 2022) that must be able to access customer environments are as follows:

SSH (port 22):

  • 23.22.26.57/32
  • 34.229.7.124/32
  • 52.91.161.246/32
  • 3.92.26.95/32
  • 34.237.91.174/32
  • 52.90.41.237/32
  • 52.91.188.52/32
  • 23.21.220.64/32
  • 52.89.47.60/32
  • 54.196.254.209/32
  • 18.232.150.85/32
  • 3.86.87.187/32

HTTP-Alt (port 8989):

  • 34.228.159.56/32
  • 34.200.230.183/32
  • 34.229.247.33/32
  • 52.91.86.106/32
  • 75.101.164.212/32
  • 54.234.7.228/32

No longer in use (rules can be removed):

  • 54.174.171.29/32 - (21st Aug 2020)
  • 54.235.9.27/32 - (2nd October 2020)
  • 54.175.161.141/32 (06th April 2021)
  • 34.229.162.68/32 (10th August 2021)
  • 52.207.167.86/32 (10th August 2021)
  • 34.229.167.111/32 (7th December 2021)
  • 54.82.95.190/32 (Since 23rd December 2021)
  • 52.201.221.171/32 (Since 23rd December 2021)
  • 35.153.18.170/32 - (Sat, 13 Nov 2021)
  • 100.26.219.220/32 - (Sat, 30 Oct 2021)
  • 34.206.1.72/32 - (Thu, 16 Dec 2021)
  • 3.91.250.130/32 - (Sat, 13 Nov 2021)
  • 54.236.44.217/32 - (Thu, 16 Dec 2021)
  • 3.90.30.235/32 - (Sat, 30 Oct 2021)
  • 54.197.209.163/32 - (Fri, 19 Nov 2021)
  • 23.22.16.230/32 - (Sat, 30 Oct 2021)
  • 54.164.231.35/32 - (Sat, 30 Oct 2021)
  • 174.129.179.173/32 - (Wed, 29 Dec 2021)
  • 34.229.184.207/32
  • 54.89.252.35/32
  • 54.89.133.129/32
  • 100.25.155.80/32
  • 44.195.92.69/32
  • 54.224.98.27/32
  • 3.84.146.169/32

Notes:

Customers making use of the whitelisting automation should be aware that:

  • Old IP rules are not removed automatically and require manual removal
  • The automation adds SSH rules for all platform IPs, therefore:
  • The following IPs will have SSH rules added that won't be used:
    • 34.227.24.36/32
    • 35.174.170.252/32
    • 34.234.79.247/32
    • 52.87.217.18/32
    • 34.201.173.110/32
    • 35.171.169.33/32
    • 34.205.203.30/32
    • 52.91.135.160/32
    • 3.238.21.125/32
    • 34.235.159.78/32
  • The IPs required for HTTP-Alt will be unnecessarily opened for SSH
  • If removed, these unnecessary SSH rules will be added again by the automation
  • If these unnecessary rules result in hitting the SG rule limit, an increase to the limit can be requested from AWS (dependent on certain conditions), or the automation can be removed and manual rule management used
  • HTTP-Alt rules should be manually added if needed
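
After tightening a security group, the result can be checked against the lists above. The following is an added example, not Engine Yard code: it audits one group in the JSON shape returned by `aws ec2 describe-security-groups` and reports required platform IPs that are missing per port, retired IPs that still have rules, and required ports still open to 0.0.0.0/0. The function names and the sample group are assumptions, and `REQUIRED` and `RETIRED` hold only a subset of the addresses on this page.

```python
import ipaddress

# Subsets of the lists on this page; extend with the full lists before real use.
REQUIRED = {
    22: ["23.22.26.57/32", "34.229.7.124/32"],
    8989: ["34.228.159.56/32", "34.200.230.183/32"],
}
RETIRED = ["54.174.171.29/32", "54.235.9.27/32"]

def covers_port(perm, port):
    """True if an IpPermissions entry allows TCP traffic to `port`."""
    if perm["IpProtocol"] == "-1":          # all protocols, all ports
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit(group, required=REQUIRED, retired=RETIRED):
    """Return (missing, stale, world_open) for one security group."""
    allowed = {port: [] for port in required}   # port -> networks allowed in
    stale, world_open = set(), set()
    for perm in group["IpPermissions"]:
        nets = [ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", [])]
        for port in required:
            if covers_port(perm, port):
                allowed[port] += nets
                if any(n.prefixlen == 0 for n in nets):
                    world_open.add(port)
        stale |= {str(n) for n in nets if str(n) in retired}
    # A required IP counts as present if any allowed network contains it.
    missing = {
        port: [c for c in cidrs
               if not any(ipaddress.ip_network(c).subnet_of(n) for n in allowed[port])]
        for port, cidrs in required.items()
    }
    return missing, sorted(stale), sorted(world_open)

# Constructed sample group, not real customer data.
SAMPLE_GROUP = {"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "23.22.26.57/32"}, {"CidrIp": "54.174.171.29/32"}]},
    {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 9000,
     "IpRanges": [{"CidrIp": "34.228.0.0/16"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]}

if __name__ == "__main__":
    print(audit(SAMPLE_GROUP))
```

A broader rule such as the /16 in the sample counts as covering a required /32, so the report shows reachability rather than exact rule matches.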
