Customers are requesting an ability to see the exact list of IPs that CircleCI webhooks and SSH connections come from.
Some customers are also interested in reserving specific IPs to belong to their org/project, similar to AWS elastic IPs.
Any news on if this is even being considered?
Bump. This needs to exist if you expect people with strict infosec related policies to use/adopt CircleCI/take it seriously, and it's almost trivial to wire it up. We keep getting emails about new CIDR blocks to provision which is unsat in many ways. CircleCI should be publishing a programmatically generated file with all the CIDR blocks (ideally JSON) that should have a hole punched so ALL CIDR blocks exist in a single source of truth, with a checksum for each generation to verify the integrity. We need to be able to programmatically determine which CIDR blocks CircleCI no longer uses so that artifacts can be removed with exhaustion. You're forcing your customers to maintain statefulness for your own infrastructure, which is not only something customers should be responsible for but also creating liabilities from leaving holes punched for originating hosts that are no longer valid.
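The consumer side of the scheme proposed in the comment above, as an added example that is not part of the original thread and is not CircleCI code: it verifies a feed against its checksum, then works out which firewall holes to open and which stale ones to close. The JSON layout, the `load_feed` and `reconcile` names, and all addresses (documentation ranges) are assumptions constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import json

# Constructed sample feed; the JSON layout is an assumption, not a CircleCI format.
SAMPLE_FEED = json.dumps(
    {"generated": "2020-01-01T00:00:00Z",
     "cidrs": ["192.0.2.0/28", "198.51.100.16/29"]},
    sort_keys=True,
).encode()
SAMPLE_SHA256 = hashlib.sha256(SAMPLE_FEED).hexdigest()


def load_feed(body: bytes, expected_sha256: str) -> set:
    """Return the feed's networks, refusing a body whose checksum differs."""
    actual = hashlib.sha256(body).hexdigest()
    if not hmac.compare_digest(actual, expected_sha256.lower()):
        raise ValueError("feed checksum mismatch; keeping current rules")
    nets = set()
    for cidr in json.loads(body)["cidrs"]:
        net = ipaddress.ip_network(cidr)  # strict mode rejects host bits set
        if net.prefixlen == 0:
            raise ValueError("feed would allow the whole address space")
        nets.add(net)
    return nets


def reconcile(current: set, published: set):
    """Return (to_add, to_remove) so the allowlist equals the published set."""
    to_add = sorted(published - current, key=str)
    to_remove = sorted(current - published, key=str)
    return to_add, to_remove


if __name__ == "__main__":
    # Constructed firewall state: one block still valid, one no longer published.
    current = {ipaddress.ip_network("192.0.2.0/28"),
               ipaddress.ip_network("203.0.113.0/24")}
    add, remove = reconcile(current, load_feed(SAMPLE_FEED, SAMPLE_SHA256))
    print("open:", [str(n) for n in add])
    print("close:", [str(n) for n in remove])
```

A checksum served from the same origin as the file only detects corruption; to detect tampering, the expected value has to arrive over a separately authenticated channel or the feed has to be signed.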
Any update about this?
Definitely want this.
This would be a significant boon for us; our alternative is to roll home-grown systems to handle work that is in a secured network.
The company I am working for is reviewing our security policy; as a result they are suggesting that we should stop using CircleCI because of this matter. Is there anything new on the matter of getting access to whitelisted IPs?
We also need this feature. We use Ansible for deployment, so we have to make the SSH port public now.
Two years have gone by since this feature was requested; I don't think they will do that.
Has there been any progress on this front? Does CircleCI not have EIPs attached to their nat endpoints in AWS?
Would be helpful to get this feature from you guys
Any updates? This is killing me to have to open my instances to the world just for CircleCI testing... +1 for assigning an EIP to your NAT Gateway(s) and just publishing those.
This should absolutely be a feature.
Would love to have this feature
Any idea if/when this might happen? It's pretty important to us (actually, I had assumed it would already have been in place).
+1 (and many more for my engineering team)
This is vital for our use case. Only because of this we might have to drift away from using CircleCI in favour of something that offers this simple feature. I guess CircleCI staff has no qualified AWS solution architect to take on this simple challenge?
+1 This is really relevant for us. Thanks!
+1 The current recommended methodology is not security best practice.
Any update on this?
+1 What is happening with this?