Articles in this section

Configuring Your Firewall to Accept Cloudsmith and AWS CDN IP Ranges

If you're using a firewall to secure your network and need to ensure uninterrupted access to Cloudsmith services or AWS CloudFront content, follow this guide to properly whitelist the necessary IP addresses.

Understanding Traffic Types

When working with Cloudsmith, your network will handle two main types of traffic: outbound and inbound. Below is a breakdown of what each means for your environment.

1. Outbound Traffic

Outbound traffic refers to connections that your infrastructure initiates to Cloudsmith or its associated services.

  • Examples of Outbound Traffic:
    •  Downloading packages from Cloudsmith or publishing packages to Cloudsmith.
    •  API requests from your systems to Cloudsmith’s platform.
  • Required IP Ranges for Outbound Traffic:
    • AWS CloudFront (CDN) IP Ranges, these IP ranges are dynamic and updated by AWS. To fetch the latest ranges, use the following command:
curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[] | select(.service == "CLOUDFRONT") | .ip_prefix' | sort -n

Ensure IPs that have CLOUDFRONT prefix are allowed in your firewall over HTTPS (443). 
Just so you know, these are AWS CloudFront IPs and are subject to change, you might want to monitor the ranges from time-to-time and update the list or use this curl example and implement it into some form of cron job. You can utilise subscribe-notification from AWS whenever this changes.

2. Inbound Traffic

Inbound traffic refers to connections initiated by Cloudsmith to your infrastructure.

  • Examples of Outbound Traffic:
    • Webhooks from Cloudsmith to notify your systems about events such as package uploads, sync or deletions.
    • API callbacks or integrations where Cloudsmith sends data to your environment.
  • Required IP Ranges for Outbound Traffic:
    • Cloudsmith Webhook IP Ranges, to ensure secure delivery of webhook notifications, whitelist the following Cloudsmith origin IP addresses:
      3.10.225.171
      34.250.171.206
      52.16.183.139
      52.19.118.176

Conclusion

By following these steps, you’ll secure uninterrupted access to Cloudsmith services while keeping your firewall’s security policies intact. If you require further assistance with firewall configurations or whitelisting IP ranges, feel free to reach out to our support team for help.

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.