IP Whitelisting Issue

Question

We have a CI/CD pipeline setup on azure dev and web app setup on azure portal, both these need to access a mongodb atlas instance and the mongodb atlas has a network access list to whitelist ips, can someone please guide on where can i get the IPs to be whitelisted, for the web app my understanding is it has to be outbound IP addresses and if we need a single ip, we need to setup SSL with static IP, however for CI/CD pipeline i don't feel like i can have a static ip for microsoft hosted pipeline as it changes with every build, is there any solution there?

Answer 1

Based on my understanding of your scenario, you are leveraging Azure App Service WebApp.

Just to highlight, for the web app, you can get the outbound IP addresses by going to the "Properties" section of your app service in the Azure portal. Under "Properties", you will find "Outbound IP Addresses" which will give you the list of IP addresses that you need to whitelist.

Inbound and outbound IP addresses in Azure App Service

Please checkout these articles for config setup approaches:

Deploying to Network-secured sites

Getting Started with MongoDB Atlas, NodeJS, and Azure App Service

For the CI/CD pipeline, if you are using a Microsoft-hosted agent, you can get the weekly list of IP ranges from the weekly JSON file.

As outlined in this doc: Microsoft publishes a weekly JSON file listing IP ranges for Azure datacenters, broken out by region. This file is updated weekly with new planned IP ranges. Only the latest version of the file is available for download. If you need previous versions, you must download and archive them each week as they become available. The new IP ranges become effective the following week. We recommend that you check back frequently (at least once every week) to ensure you keep an up-to-date list.

Kindly let us know, I'll follow-up further.