Pipeline using VPC endpoint or Bitbucket account

Platform Notice: Cloud Only - This article only applies to Atlassian products on the cloud platform.

Summary

If the correct IPs are allowlisted in your corporate firewall, check for these two possible issues:

  • AWS S3 resource is inaccessible from Pipelines

  • Or, the IP accessing the S3 resource may be different than the allowlisted IPs

Solution

When AWS tries to access a resource in the same region where Bitbucket Pipelines is running, it uses internal VPC tunneling. In this case, AWS internal private IPs are used for the connection instead of public IPs. Bitbucket does this to significantly increase the performance of caches and artifacts (among other things) and reduce build times.

Unfortunately, this also means that service requests don't come from the documented public IP ranges. The pipeline runs in either the us-east-1 or us-west-2 region based on the pipeline failover strategy.

To resolve this, allow the VPC endpoint IDs below in your policy, which should fix the problem.

The VPC details used by Pipelines are listed in the following table:

Cluster name       VPC endpoint
prod1.us-west-2    vpce-02695b404b6173e31
prod1.us-east-1    vpce-0de8dff0d15d1f136
prod2.us-east-1    vpce-0a2e337c9bd0e91c0
prod3.us-east-1    vpce-00fa4667d3afab957
prod4.us-east-1    vpce-0c1cad66851b2ad32
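The following is an added example, not Atlassian's own code: it builds an S3 bucket-policy Deny statement that accepts either an allowlisted public IP or one of the VPC endpoints listed in the table, and uses a simplified model of condition evaluation to show why an IP-only statement blocks same-region Pipelines traffic. The bucket name, the CIDR range, the sample requests and the helper names are assumptions.

```python
import ipaddress
import json

# VPC endpoint IDs from the table above.
PIPELINES_VPCES = [
    "vpce-02695b404b6173e31", "vpce-0de8dff0d15d1f136", "vpce-0a2e337c9bd0e91c0",
    "vpce-00fa4667d3afab957", "vpce-0c1cad66851b2ad32",
]
# Placeholders (assumptions): bucket name, and a documentation-range CIDR
# standing in for the allowlisted public IP ranges.
BUCKET = "example-bucket"
ALLOWED_CIDRS = ["203.0.113.0/24"]

def deny_statement(cidrs, vpces=None):
    """Deny unless the request matches the IP list or, if given, the VPC endpoint list."""
    cond = {"NotIpAddress": {"aws:SourceIp": cidrs}}
    if vpces:
        cond["StringNotEquals"] = {"aws:SourceVpce": vpces}
    return {
        "Effect": "Deny", "Principal": "*", "Action": "s3:*",
        "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"],
        "Condition": cond,
    }

def is_denied(stmt, ctx):
    """Simplified model of one Deny statement: condition operators are ANDed,
    and a negated operator is true when its key is absent from the request."""
    cond = stmt["Condition"]
    ip = ctx.get("aws:SourceIp")
    not_ip = ip is None or not any(
        ipaddress.ip_address(ip) in ipaddress.ip_network(c)
        for c in cond["NotIpAddress"]["aws:SourceIp"])
    vpces = cond.get("StringNotEquals", {}).get("aws:SourceVpce")
    not_vpce = vpces is None or ctx.get("aws:SourceVpce") not in vpces
    return not_ip and not_vpce

# Constructed request contexts. A same-region Pipelines request arrives through
# a VPC endpoint and is modelled as carrying no aws:SourceIp (assumption).
VIA_VPCE = {"aws:SourceVpce": "vpce-0de8dff0d15d1f136"}
VIA_PUBLIC_IP = {"aws:SourceIp": "203.0.113.10"}
UNKNOWN = {"aws:SourceIp": "198.51.100.7"}

IP_ONLY = deny_statement(ALLOWED_CIDRS)                      # blocks VIA_VPCE
IP_OR_VPCE = deny_statement(ALLOWED_CIDRS, PIPELINES_VPCES)  # allows VIA_VPCE

if __name__ == "__main__":
    print(json.dumps({"Version": "2012-10-17", "Statement": [IP_OR_VPCE]}, indent=2))
```

A Deny on `s3:*` with `Principal: "*"` also applies to administrators outside both lists, so narrow `Action` and `Resource` to what Pipelines needs before attaching the printed policy.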

Updated on April 15, 2025
