This post was co-written by Sebastian Lerner and Radhika Gulati.
Note:The IP ranges feature costs 450 credits per GB of data used by jobs with the feature enabled.
Today, we’re announcing that one of our most popular feature requests, IP ranges, is now generally available for CircleCI Cloud customers. This feature enables teams to meet compliance requirements by limiting the connections that communicate with their infrastructure.
No company wants to give the entire internet access to their artifact repositories or other sensitive environments. With IP ranges, teams are able to open up their IP-based firewalls to only CircleCI.
With IP ranges, customers on the Performance and Scale plans using the Docker executor can route job traffic through an IP address that is verifiably associated with CircleCI. We’re proud to be one of the first CI/CD platforms to offer this capability.
Better security for more confidence
The IP ranges feature allows CircleCI customers to meet their IP-based compliance requirements while still benefiting from the powerful compute and seamless job orchestration of running on CircleCI Cloud.
When IP ranges is enabled on a Docker job through a config file, CircleCI re-routes any outgoing communication through one of about 30 IP addresses listed in the documentation. This feature gives teams confidence that traffic to their private environments is coming from CircleCI.
Some examples where IP-based restricted access might be desired include:
- Accessing private artifact repositories
- Deploying an internal app with sensitive data
- Pulling dependencies from a firewalled dependency manager
- Running test cases on an internal environment
The IP ranges feature costs 450 credits per GB of data used by jobs with the feature enabled. To view data usage from IP ranges, access the IP ranges tab within the Plan Usage page in the CircleCI UI.