IP addresses and domains for Atlassian cloud apps
If you or your organization use restrictive firewall or proxy server settings, you or your network administrator may need to allowlist certain domains and IP address ranges to ensure Atlassian cloud apps and other services work as expected.
ドメイン名
Atlassian apps use domains with many levels of subdomains under all the listed top-level domains. When allowing a domain, make sure the action permits the top-level domain and multiple levels of subdomains, not just immediate subdomains.
たとえば、*.atl-paas.net の許可エントリに関しては、avatar-management--avatars.us-west-2.prod.public.atl-paas.net と jira-frontend-static.prod.public.atl-paas.net の両方を許可する必要があります。さらに、サブドメインだけでなく上位ドメイン自体が許可されていることをご確認ください。たとえば、*.atlassian.com は id.atlassian.com と atlassian.com の両方を許可する必要があります。
アトラシアン ドメイン
For Atlassian apps to operate, allow these first-party Atlassian domains and their levels of subdomains. These domains are directly operated and managed by Atlassian.
ドメイン | 目的 |
|---|---|
| All Atlassian apps and services use this |
| All Atlassian apps and services use this |
| All Atlassian apps and services use this |
| Jira と Confluence はこれを使用。 |
| Jira と Confluence はこれを使用。 |
| Bitbucket はこれを使用。 |
| Forge apps use this |
Atlassian Government Cloud ドメイン
For Atlassian Government Cloud apps to operate, allow these first-party Atlassian domains and their levels of subdomains. These domains are directly operated and managed by Atlassian.
ドメイン | 目的 |
|---|---|
| Atlassian Government Cloud の Jira と Confluence 向け |
| Atlassian Government Cloud の Jira と Confluence 向け |
| For Jira and Confluence apps in Atlassian Government Cloud |
| For Jira and Confluence apps in Atlassian Government Cloud |
TLS インターセプト/インスペクション プロキシとファイアウォールのパフォーマンスへの影響
高パフォーマンスのエクスペリエンスを確保するため、セキュリティ ポリシーに従って、アトラシアン ファーストパーティ ドメインを TLS インターセプト/インスペクションの対象から除外することを十分にご検討ください。
Atlassian apps heavily depend on features of the HTTP/2 protocol, particularly support for simultaneous transactions.
TLS インターセプト/インスペクション プロキシとファイアウォールによって、HTTP/2 から HTTP/1.1 へのプロトコル ダウングレードが発生することがよくあります。HTTP/1.1 にダウングレードするとトランザクションがシリアル化されるため、最新の Web アプリケーションのパフォーマンスが大幅に低下します。その結果、ページの読み込みとエクスペリエンスの待ち時間が著しく遅れる可能性があります。
パートナー ドメイン
Atlassian uses third-party domains and their levels of subdomains for various purposes. Atlassian apps and services may work without access to these domains, however some experiences may be degraded or stop functioning altogether.
ドメイン | 説明 | 目的 |
|---|---|---|
| Amazon Web Services Content Delivery Network | Used by almost all Atlassian apps to accelerate content delivery to browsers. |
| AWS WAF intelligent threat mitigation
| Used to verify browser authenticity. Required for login and usage of Atlassian cloud products. At least 3 levels of subdomain wildcarding is required. |
| CookieLaw 同意ソリューション | プライバシー法とデータ保護法に準じて、Cookie の同意要求に使用。 |
| Google がホストするライブラリ Content Delivery Network | Google Hosted Libraries content distribution network for open-source JavaScript libraries used by some Atlassian apps. |
グローバル: 中国の場合: | Google ReCAPTCHA Enterprise | スパム対策に使われます。 |
| Googleソーシャルアカウントログイン | Google アカウントを使用してログインする場合に使用します。 |
| LaunchDarkly Digital Experience の提供 | Used to test, evaluate and control the delivery of new app experiences. |
| Optimizely Digital Experience の提供 | Used to test, evaluate and control the delivery of new app experiences. |
| Orange Logic Content Delivery Network See: https://www.orangelogic.com/features/content-generation-distribution-dam-platform | Used for public static asset delivery (for example, Atlassian logos). |
| Pendo in-app messaging service | Used by marketing to enable targeted messaging in Jira, Jira Service Management, Jira Align, Jira Product Discovery, and Confluence. |
| Pubnub メッセージ プラットフォーム | Used by almost all Atlassian apps to deliver real-time events, such as live updates to ticket statues, pages and notifications. |
| Sentry.io Content Delivery Network 参照: https://docs.sentry.io/platforms/javascript/install/loader/ | Used to track errors and failures in app experiences. |
| Slack 統合 | Used for integration with the Slack ecosystem. |
| スタットシグ | Used to test, evaluate and control the delivery of new app experiences. |
| Twilio Segment | Used for analytical data collection. |
| Unsplash image library | Confluence と Trello でビジュアル(Confluence ページのヘッド画像や Trello ボードの背景など)を提供するために使用。 |
| Wordpress/Gravatar Content Delivery Network | Used by some Atlassian apps to display generic or public avatars. |
IP アドレスの範囲
We use a mix of our own IP addresses and others provided by third parties (namely Amazon Web Services). You should review your network restrictions in the context of the following sections and update them as necessary to ensure your Atlassian apps work as intended.
These addresses were last updated on April 3, 2025.
Atlassian apps and sites
Atlassian apps and sites don't have fixed individual IP addresses. Instead, they use defined ranges of IP addresses. You should allowlist these IP ranges to maintain access to Atlassian cloud apps and sites.
This list is sizable because it contains every IP range used globally by Atlassian. The IP ranges are used for both receiving and responding to requests from clients (e.g., browsers), as well as for making connections to the internet on your behalf (e.g., webhooks and application links to on-premise servers).
You’ll save time regularly checking updates to the IP ranges if you programmatically update your allowlist. See the section How do I know when the IP ranges change? for instructions on further automating system by subscribing to an AWS SNS topic.
In practice, most admins operating allowlisting systems (such as firewalls, access control lists, and security groups) are only interested in the IP ranges Atlassian apps use to make outgoing connections to other networks. For this much shorter list, see the Outgoing connections section.
An ingress or incoming connection is one that originates from a client, such as a browser, script, app, or SSH client for the purpose of making a request or uploading data to an Atlassian app or service. The Atlassian app or service replies on the same connection.
An egress or outgoing connection is one made by an Atlassian app or service to a server on the internet on your behalf. For example, application links between cloud apps and on-premise servers, webhooks, and connections you request from our cloud apps to remote servers and third-party integrators, repository cloning, and checking for new emails on an email server.
Even though region information is provided, we don't recommend that customers allowlist ingress or egress networks associated with specific regions. Instead, include all networks relevant to an app and direction. This is because we’re always working to optimise our network, bringing our cloud closer to all customers by deploying additional edge regions. Due to the underlying technology of the internet, in particular unicast routing and latency-based DNS routing, these improvements can and do result in customer clients and servers seeing new Atlassian IP addresses (from published ranges tagged with region “global” in the document) over time.
This behaviour is not unique to Atlassian. For example, AWS also adds expands and adds additional IP ranges to their apps over time, including to the popular services EC2 and Cloudfront in https://ip-ranges.amazonaws.com/ip-ranges.json .
Outgoing connections
The IP address ranges for Atlassian apps and sites include both the summary IP ranges used for ingress and egress, as well the more specific ranges used only for egress. We generally recommend using these IP address ranges when you allow our outgoing connections to contact remote networks and servers.
Atlassian apps may connect using either IPv4 or IPv6. This depends on the resolution time for the A and AAAA DNS record by our proxies. Atlassian apps and services will originate connections to the internet, remote servers, and third parties only.
IP 許可リスト、サーバー、ファイアウォール、アクセス制御リスト、セキュリティ グループ、またはサードパーティのサービスを、アトラシアンからの発信接続を受信するように設定している場合は、次のリストをご利用ください。
Outgoing connections for Atlassian apps
If your situation requires a simple list of the IP ranges used by Atlassian only for the purpose of making outgoing connections, you can use the following lists.
IPv4
アトラシアンの略式 IPv4 範囲 (推奨) | Individual IPv4 ranges used for outgoing connections |
|---|---|
13.52.5.96/28
13.200.41.128/25
13.236.8.224/28
16.63.53.128/25
18.136.214.96/28
18.184.99.224/28
18.234.32.224/28
18.246.31.224/28
43.202.69.0/25
52.215.192.224/28
104.192.136.0/21
185.166.140.0/22 | 13.52.5.96/28
13.200.41.224/28
13.236.8.224/28
16.63.53.224/28
18.136.214.96/28
18.184.99.224/28
18.234.32.224/28
18.246.31.224/28
43.202.69.96/28
52.215.192.224/28
104.192.136.240/28
104.192.137.240/28
104.192.138.240/28
104.192.140.240/28
104.192.142.240/28
104.192.143.240/28
185.166.140.112/28
185.166.141.112/28
185.166.142.240/28
185.166.143.240/28 |
IPv6
For IPv6, you can choose to use summary ranges or the individual Atlassian IPv6 ranges used for outgoing connections. The summary option can help if you have limited space available in your access-list or security-group and is less likely to change over time. The individual ranges option are useful if your policy or software prevents the use of a summary range.
Atlassian summary IPv6 ranges (preferred) | 発信接続に使用される個々の IPv6 範囲 |
|---|---|
2401:1d80:3000::/36
2406:da18:809:e04::/63
2406:da18:809:e06::/64
2406:da1c:1e0:a204::/63
2406:da1c:1e0:a206::/64
2600:1f14:824:304::/63
2600:1f14:824:306::/64
2600:1f18:2146:e304::/63
2600:1f18:2146:e306::/64
2600:1f1c:cc5:2304::/63
2a05:d014:f99:dd04::/63
2a05:d014:f99:dd06::/64
2a05:d018:34d:5804::/63
2a05:d018:34d:5806::/64 | 2401:1d80:3200::/48
2401:1d80:3204::/48
2401:1d80:3208::/48
2401:1d80:320c::/48
2401:1d80:3210::/48
2401:1d80:3214::/48
2401:1d80:3218::/48
2401:1d80:321c::/48
2401:1d80:3220::/48
2401:1d80:3224::/48
2401:1d80:3228::/48
2401:1d80:322c::/48
2401:1d80:3230::/48
2406:da18:809:e04::/63
2406:da18:809:e06::/64
2406:da1c:1e0:a204::/63
2406:da1c:1e0:a206::/64
2600:1f14:824:304::/63
2600:1f14:824:306::/64
2600:1f18:2146:e304::/63
2600:1f18:2146:e306::/64
2600:1f1c:cc5:2304::/63
2a05:d014:f99:dd04::/63
2a05:d014:f99:dd06::/64
2a05:d018:34d:5804::/63
2a05:d018:34d:5806::/64 |
Atlassian Government Cloud の発信接続
Jira for Atlassian Government Cloud supports development integrations with Github, not other development tools. If your situation requires a list of IP ranges used by Atlassian only for the purpose of making outgoing connections, you can use this list:
44.220.40.160/28
18.246.188.32/28Amazon Web Services and CloudFront
We use CloudFront Content Delivery Network (CDN) to deliver webpage assets to browsers as well as various Amazon Web Services. Customers employing strict network restrictions on destinations allowed for client browsers may find it necessary to allowlist IP ranges with the tags "AMAZON" or "CLOUDFRONT" from this IP ranges list to ensure Atlassian apps work properly.
You’ll save time regularly checking updates to the IP ranges if you programmatically update the IP ranges you allow.
送信メール
We use these IPs to send notifications. You should allow the following IP ranges:
167.89.0.0/17
168.245.0.0/17
34.213.22.229
34.249.70.175
34.251.56.38
34.252.236.245
52.51.22.205
54.187.228.111
34.209.119.136
34.212.5.76
34.253.110.0
34.253.57.155
35.167.157.209
35.167.7.36
52.19.227.102
52.24.176.31
54.72.208.111
54.72.24.111
54.77.2.231
76.223.176.0/20
76.223.144.220/31
76.223.147.128/25
52.82.172.0/22
216.221.175.128/25Bitbucket と Trello
Some Atlassian apps aren’t hosted on the same atlassian.net domain as Confluence and Jira. Check these articles to find out which domains, IP address ranges, and ports you need to allow for certain apps:
Bitbucket Cloud Premium customers
If you’re a Bitbucket Cloud Premium customer and have set a custom IP allowlist, make sure you also include the IP of your Bitbucket Data Center. Control access to your private content
Confluence ホワイトボード
If you’re not able to allowlist *.atlassian.com, you can make http://canvas-workers.atlassian.com an allowed domain to avoid issues with Confluence whiteboards. To check your compatibility with the whiteboards editor, use our compatibility check tool.
Integrate with Data Center products
ネットワークで稼働しているアトラシアンのクラウド製品とオンプレミス製品の統合を検討されている場合は、アプリケーション トンネルを使用することで、着信接続と IP 範囲を許可リストに登録せずに済みます。
Application tunnels use network tunneling to create a secure pathway between Atlassian cloud and the products in your network that can be used to integrate your products. We made this feature so you don’t have to open your network for any incoming connections. Connect to Data Center instances with application tunnels
アトラシアンの公開 IP 範囲に関する FAQ
Jira/Confluence Cloud を自社ホスト製品やサービスと統合しています。インフラストラクチャとの接続を開くためにアトラシアンが使用する IP 範囲はどれくらいですか?
Atlassian has a number of egress proxies which use IP ranges specifically dedicated to opening connections from Atlassian cloud to customers and remote systems. The proxies are deployed in each AWS region where our Jira/Confluence infrastructure is deployed. These IP ranges can be found in the Outgoing connections section on this page.
Instead of allowlisting these IP ranges, you can also use application tunnels to integrate with Atlassian cloud apps in your network. Application tunnels use network tunneling to forward the traffic to your network without requiring any incoming connections. See the Integrate with Data Center products section on this page.
上記の IP 範囲は誰が管理しますか?
Atlassian has full control over those IP ranges. These IP ranges are allocated out of the AWS-registered IP space. Those ranges have been dedicated by AWS to one of Atlassian’s AWS accounts. No other AWS customer can use these IP ranges.
The allocation/deallocation of such ranges is done using a manual process which involves a support request. It is very unlikely that Atlassian will release control over these ranges accidentally. We have monitoring in place to detect such unlikely occurrence as well.
Jira/Confluence Cloud インスタンスがどのリージョンにあるか確認するにはどうすればよいですか?
Your app data will most likely have a large hosting presence within the region closest to the majority the users accessing your apps. To optimize product performance, we don’t limit data movement in cloud and we may move data between regions as needed.
If you’re opted in to data residency, which is currently available with the Enterprise Cloud plan and new apps with no data for with Standard and Premium Cloud plans, you will be able to restrict the number of regions where connections from Atlassian cloud to your infrastructure can be expected to the regions where your data is pinned to. Understand data residency
IP 範囲が変わることはありますか?
変更が最小限に収まるように善処しますが、IP 範囲が変更になる可能性があります。次の場合、IP 範囲に関する情報の追加または変更が必要になる可能性があります。
If we add AWS regions where we host Jira/Confluence Cloud, we’ll add a new subnet for the new region.
If we deploy new instances of our egress proxies that use Atlassian-registered (provider-independent) IP space within AWS and Jira and Confluence switch over to those, we’ll use new ranges that will be part of the Atlassian-registered netblocks (104.192.136.0/21 and 185.166.140.0/22). We’ll publish a blog post a few weeks before that change is made. All ranges, old and new, are covered by these IP ranges.
IP 範囲が変更されたときはどうすればわかりますか?
アトラシアンの IP 範囲が変更されるたびに、SNS トピック atlassian-public-ip-changes の登録者に通知を送信します。ペイロードには次の形式の情報が含まれており、マシンによる利用を目的としています。
{
"creationDate":"yyyy-mm-ddThh:mm:ss.mmmmmm",
"syncToken":"1659489769",
"md5":"6a45316e8bc9463c9e926d5d37836d33",
"url":"https://ip-ranges.atlassian.com/"
}creationDate- IP 範囲が UTC でアップデートされた日時 (標準 ISO 形式)。syncToken- Unix エポック時間形式の公開時間。md5- IP 範囲ファイルの暗号化されたハッシュ値。この値を使用して、ダウンロードされたファイルが破損しているかどうか確認できます。url- IP 範囲ファイルの場所。
If you want to be notified whenever there's a change to the Atlassian IP ranges, subscribe to receive notifications using Amazon SNS.
Subscribe to notifications for Atlassian IP ranges
Amazon SNS コンソール (https://console.aws.amazon.com/sns/v3/home) を開きます。
ナビゲーション バーで、必要に応じて [地域] を [米国東部 (北バージニア)] に変更します。配信登録している SNS 通知が作成された地域であるため、この地域を選択する必要があります。
In the navigation pane, select Subscriptions.
[Create subscription (登録の作成)] を選択します。
[Create subscription (登録の作成)] ダイアログ ボックスで、以下を行います。
[トピック ARN] で、次の Amazon Resource Name (ARN) をコピーします。
arn:aws:sns:us-east-1:745490931007:atlassian-public-ip-changes[プロトコル] で、次のサポート対象プロトコルのいずれかを選択します。
http https sqs lambda firehoseIn Endpoint, type the endpoint to receive the notification.
[Create subscription (登録の作成)] を選択します。
You’ll be contacted on the endpoint that you specified and asked to confirm your subscription.
Notifications are subject to the availability of the endpoint. You may want to check the JSON file periodically to ensure that you have the latest ranges.
If you no longer want to receive these notifications, you can unsubscribe.
Unsubscribe from notifications for Atlassian IP ranges
Amazon SNS コンソール (https://console.aws.amazon.com/sns/v3/home) を開きます。
In the navigation pane, select Subscriptions.
Select the checkbox for the subscription.
Select Actions, then Delete subscriptions.
確認を求められたら、[削除] を選択します。
IPv6 をサポートしていますか?
Yes, but our egress proxies will attempt to connect to the A record for the DNS name you provide before trying the AAAA record. In practice, we will use IPv6 only if your service is setup as IPv6 only. Full list of IPv6 ranges is available at https://ip-ranges.atlassian.com.
文書化された範囲外の IP アドレスからの接続試行があります。どうしたらよいでしょうか?
Submit a support ticket to let us know about this issue. Possible reasons for this may be:
As Atlassian combines apps, some functionalities may have different infrastructure deployment footprint, which may mean some traffic will originate from new regions.
Third-party app integrations may open connections from their own infrastructure, which is outside of Atlassian’s control. Refer to the vendor’s documentation and support team for more information.
https://ip-ranges.atlassian.com/ に挙げられている項目が多いのはなぜですか?
The list at https://ip-ranges.atlassian.com is created for machine consumption and covers all Atlassian apps for traffic from Atlassian cloud to self-hosted products and services, as well as connections from users to Atlassian cloud.
We plan to add tagging to the ranges so they can be filtered to only show the relevant ranges for each situation based on app, direction of connection, IP family, region etc.
The current IP range to enable for the migration assistants to work as expected is too wide. What are the exact Atlassian API addresses (URLs) to allow for the plugin to work?
You must allow the URLs below for the migration assistants to work. The URLs listed are subject to change and new URLs may be added. We encourage you to monitor this page for the latest changes.
If any of the listed hosts send client-side redirects to other domains (now or in the future), then we’ll remove them from the list.
For Confluence Cloud Migration Assistant communication
アドレス | 目的 |
|---|---|
| Upload attachments |
| Communicate with Atlassian Migration Platform |
| Check plugin version |
| Communicate with Atlassian App Migration Platform |
| Communicate with Atlassian Migration Platform |
| Communicate with Atlassian Migration Platform |
| Upload migration data |
| Upload app migration data |
| Optional: Upload app migration data - accelerated |
| Enable access to the latest UI components in the Migration Assistant |
| Enable communication to support migrations in the FedRAMP environment |
| Enable communication with your destination cloud site |
For Jira Cloud Migration Assistant communication
アドレス | 目的 |
|---|---|
| Upload attachments |
| Communicate with Atlassian Migration Platform |
| Check plugin version |
| Communicate with Atlassian App Migration Platform |
| Communicate with Atlassian Migration Platform |
| Communicate with Atlassian Migration Platform |
| Upload migration data |
| Upload app migration data |
| Optional: Upload app migration data - accelerated |
| Enable access to the latest UI components in the Migration Assistant |
| Enable communication with your destination cloud site |
ワイルドカードが使えない場合は、次の URL を必ず追加してください。
| 移行エラー ログのダウンロード |
For Bitbucket Cloud Migration Assistant communication
アドレス | 目的 |
|---|---|
| Communicate with Atlassian Migration Platform |
| Check plugin version |
| Communicate with Atlassian App Migration Platform |
| Communicate with Atlassian Migration Platform |
| Communicate with Atlassian Migration Platform |
| Upload migration data |
| Upload app migration data |
| Enable communication with your destination cloud workspace |
この内容はお役に立ちましたか?