robotsnoindex

If you or your organization use restrictive firewall or proxy server settings, you or your network administrator may need to allow-list certain domains and IP address ranges to ensure Atlassian cloud products and other services work as expected.

tip/resting Created with Sketch.

The information on this page covers all Atlassian products. However, there is some additional information specific to some products, for that please see the section on Bitbucket and Trello.

Domain names

tip/resting Created with Sketch.

Atlassian products use domains with many levels of subdomains under all the listed top-level domains. When allowing a domain, make sure the action permits the top-level domain and multiple levels of subdomains, not just immediate subdomains.

For example, a permit entry for *.atl-paas.net should allow both avatar-management--avatars.us-west-2.prod.public.atl-paas.net AND jira-frontend-static.prod.public.atl-paas.net. Additionally, ensure that top-level domains themselves are also permitted, not just their subdomains. For example, *.atlassian.com should permit both id.atlassian.com AND atlassian.com.

For Atlassian cloud products to operate, allow these first-party Atlassian domains and their levels of subdomains:

*.atl-paas.net
*.atlassian.com
*.atlassian.net
*.bitbucket.org
*.jira.com

In addition to the first-party domains, allow these third-party domains and their levels of subdomains:

*.amazonaws.com
*.cloudflare.com
*.cloudfront.net
*.cookielaw.org
*.googleapis.com
*.optimizely.com
*.pndsn.com
*.segment.io
*.sentry-cdn.com
*.slack-edge.com
*.wp.com

IP address ranges

We currently use a mix of our own IP addresses and others provided by third parties (namely Amazon Web Services). You should review your network restrictions in the context of the following sections and update them as necessary to ensure your Atlassian cloud products work as intended.

Atlassian cloud products and sites

Atlassian products and sites don't have fixed individual IP addresses, instead they use defined ranges of IP addresses. You should allow-list these IP ranges to maintain access to Atlassian cloud products and sites:

https://ip-ranges.atlassian.com/


tip/resting Created with Sketch.

This list is sizable because it contains every IP range used globally by Atlassian for both receiving and responding to requests from clients (e.g. browsers) as well as those used for making connections to the internet on your behalf (e.g. webhooks and application links to on-premises servers).

In practice most Application, Network and Systems Administrators operating allow-listing systems (such as Firewalls, Access Control Lists and Security Groups) will only be interested in the IP ranges Atlassian products use to make outgoing connections to other networks. For that, much shorter, list please see the section of this page titled Outgoing Connections.

tip/resting Created with Sketch.

If you can update your allow list programmatically from the linked file, it'll save you from needing to check it regularly.

Outgoing Connections

The IP ranges for Atlassian cloud products and sites, mentioned above, also contain the IP address ranges we use for Outgoing Connections to the internet made on your behalf. Examples of Outgoing Connections include application links between Cloud products and on-premises Confluence Server and Jira Server instances, webhooks you request from our Cloud products, repository cloning, and checking for new emails on your email server.

We generally recommend using these IP ranges when allowing our outgoing connections to contact your network. However, if your situation requires a shorter list of only the specific IP ranges used by Atlassian for making outgoing connections, you can use this subset of ranges:

13.52.5.96/28
13.236.8.224/28
18.136.214.96/28
18.184.99.224/28
18.234.32.224/28
18.246.31.224/28
52.215.192.224/28
104.192.137.240/28
104.192.138.240/28
104.192.140.240/28
104.192.142.240/28
104.192.143.240/28
185.166.143.240/28
185.166.142.240/28

Amazon web services and CloudFront

We use Amazon Web Services and CloudFront Content Delivery Network (CDN) to deliver webpage assets to browsers. Customers employing strict network restrictions on destinations allowed for client browsers may find it necessary to allow-list IP ranges with the tags "AMAZON" or "CLOUDFRONT" from this list to ensure Atlassian applications work properly.

tip/resting Created with Sketch.

You'll save time regularly checking updates to the IP ranges if you programmatically update the IP ranges you allow.

Outbound email

We use the below IPs to send notifications. You should allow the following IP ranges:

167.89.0.0/17, 192.174.80.0/20, 147.253.208.0/20, 168.245.0.0/17, 34.211.27.137, 34.211.27.236, 34.213.22.229, 34.249.70.175, 34.251.56.38, 34.252.236.245, 52.51.22.205, 54.187.228.111, 34.209.119.136, 34.211.27.82, 34.212.5.76, 34.253.110.0, 34.253.57.155, 35.167.157.209, 35.167.7.36, 52.19.227.102, 52.24.176.31, 54.72.208.111, 54.72.24.111, 54.77.2.231

Bitbucket and Trello

Some of our products aren't hosted on the same atlassian.net domain as Confluence and Jira. Check the documentation for Bitbucket and Trello to find out which domains, IP address ranges, and ports you need to allow.

Atlassian public IP ranges FAQ

I'm integrating Jira/Confluence Cloud with self-hosted products and services. What are the IP ranges that Atlassian will use to open connections to my infrastructure?

Atlassian has a number of egress proxies which use IP ranges specifically dedicated to opening connections from Atlassian Cloud to customers and remote systems. The proxies are deployed in each AWS region where our Jira/Confluence infrastructure is deployed.

Those IP ranges can be found in the section on this page titled Outgoing Connections.

Who has control over the IP ranges described above?

Atlassian has full control over those IP ranges.

The mentioned IP ranges are allocated out of the AWS-registered IP space. Those ranges have been dedicated by AWS to one of Atlassian’s AWS accounts. No other AWS customer can use those IP ranges.

The allocation/deallocation of such ranges is done using a manual process which involves a support request. It is very unlikely that Atlassian would release control over those ranges accidentally. We have monitoring in place to detect such unlikely occurrence as well.

How do I know in which region my Jira/Confluence Cloud instance resides?

Your product data will most likely have a large hosting presence within the region closest to the majority the users accessing your product. To optimize product performance, we don’t limit data movement in Cloud, and we may move data between regions as needed.

If you’re opted into data residency, which is currently available only in the Enterprise Cloud plan, you will be able to restrict the number of regions where connections from Atlassian Cloud to your infrastructure can be expected to the regions that are part of the realm that your data is pinned to. For more information on data residency, see Managing data residency.

Can the IP ranges change?

While we try to keep such changes to a minimum, the IP ranges may be modified. Here are situations where we may need to add or modify information about the IP ranges:

  • if we add AWS regions where we host Jira/Confluence Cloud, we will add a new subnet for the new region

  • if we deploy new instances of our egress proxies that use Atlassian-registered (provider-independent) IP space within AWS and  Jira and Confluence switch over to those, we will use new ranges that will be part of the Atlassian-registered netblocks (104.192.136.0/21 and 185.166.140.0/22).
    We will publish a blog post a few weeks before that change is made. Note that all ranges, old and new are covered within the already-long-documented ranges on http://ip-ranges.atlassian.com.

Do you support IPv6?

Yes but our egress proxies will attempt to connect to the A record for the DNS name you provide before trying the AAAA record. In practice, we will use IPv6 only if your service is setup as IPv6 only. Full list of IPv6 ranges is available at https://ip-ranges.atlassian.com

I’m getting connection attempts from IP addresses outside the documented ranges. What should I do?

Please raise a support ticket with us at https://getsupport.atlassian.com/ to let us know about this issue. Possible reasons for this may be:

  • As products within the Atlassian offerings get combined, some functionalities may have different infrastructure deployment footprint which may mean some traffic would originate from new regions.

  • 3rd-party vendor integrations may open connections from their own infrastructure, which is outside of Atlassian’s control; refer to the vendor’s documentation and support team for more information.

Why are there so many things listed on https://ip-ranges.atlassian.com/?

The list at ip-ranges.atlassian.com is aimed for machine consumption and it covers all Atlassian products for traffic from Atlassian Cloud to self-hosted as well as connections from users to Atlassian Cloud.

We have plans to add tagging to the ranges so they can be filtered to only show the relevant ranges for each situation based on product, direction of connection, IP family, region etc.

The current IP range to be enabled for the Jira / Confluence Migration Assistant to work as expected is too wide. What are the exact IP addressed to be allowed for the plugin to work?

See the following tables for the exact list of IP addressed you must allow for the plugin to work.

  • Listed IP addresses are subject to change. We encourage you to monitor the Atlassian cloud IP ranges and domains page for the latest changes. This page also contains the full list of domains Atlassian Cloud products require access to.
  • If any of the listed hosts send client-side redirects to other domains (now or in the future), then they will be removed from the list.
For CCMA communications:
AddressFunction
https://api.media.atlassian.comUploading of attachments
https://api-private.atlassian.comCommunication with Atlassian Migration Platform
https://marketplace.atlassian.comChecking of plugin version
https://api.atlassian.comCommunication with Atlassian App Migration Platform
https://migration.atlassian.comCommunication with Atlassian Migration Platform
For JCMa plugin host communication:
AddressFucntion
https://api.media.atlassian.com Uploading of attachments
https://api-private.atlassian.comCommunication with Atlassian Migration Platform
https://marketplace.atlassian.comChecking of plugin version
https://api.atlassian.comCommunication with Atlassian App Migration Platform
https://migration.atlassian.comCommunication with Atlassian Migration Platform
https://s3.us-west-2.amazonaws.comUploading of migration data
https://*.s3.us-west-2.amazonaws.comUploading of migration data
[DESTINATION_CLOUD_SITE]Enables communication with your destination cloud site