Document Pipeline agent IPs for network policies

Issue #12846 resolved
Ben Buchanan
created an issue

We use Pipelines to deploy to an IP-restricted AWS S3 bucket; and as such we need to whitelist the Pipelines agent IP addresses.

My devops team found that the documented Bitbucket IP addresses ( did not include Pipelines.

They found a workaround but it would be good to get the docs updated.

Comments (22)

  1. Steven Vaccarella staff

    Hi Ben,

    We can't provide trusted IP address ranges for our build agents because the agents run on shared infrastructure and whitelisting of the appropriate IP ranges would only provide a false sense of security. Any other user that has access to that shared infrastructure (including other Bitbucket users using Pipelines) can make arbitrary requests from the same ranges, so whitelisting them would be hardly any more secure than not having a whitelist at all.

    Essentially if you're relying on an IP whitelist as an extra layer of security for a service then I'm afraid you won't be able to access that service from a pipeline while still maintaining the same level of security.

  2. Lee Winder

    "They found a workaround but it would be good to get the docs updated."

    Could you let me know what the workaround was, I have an IP restricted RDS instance that I cannot connect to from Pipelines which is breaking a large number of tests.

  3. chrismhale

    Any insight as to an ETA on this would be awesome.. currently using AWS' CodeDeploy to get around the IP restriction, and I absolutely hate it! Want off asap..

    If this proposal is still a longs ways from being implemented, would be nice to know sooner, rather than later, if we need to pursue an alternative to using pipelines.


  4. Andy Kress

    The 4 IPs that are used by pipelines are in the page at the bottom of the linked article, currently those are:

  5. Log in to comment