Skip to main content

Cloud

  • Cloud
  • Reference
  • AWS flow log access IP addresses

AWS flow log access IP addresses

AWS data planes, regions, and IPs

Illumio Segmentation for the Cloud uses TCP port 443 to access your flow logs, so open that port for the IP addresses listed in this section.

Note

You don't need to whitelist these IPs under most circumstances. However, there may be conditions where a service control policy or something similar denies IP access to AWS S3 buckets outside certain ranges. If this is the case, try whitelisting the IPs for the data planes listed.

Illumio Control Plane (For all AWS Regions)

The Illumio Segmentation for the Cloud control and data plane uses the following public IP addresses to reach customer net­works, so add them to your firewall inbound/outbound allowed list:

  • 35.167.22.34

  • 52.88.124.247

  • 52.88.88.252

Illumio US West Data Plane for AWS

The Illumio Segmentation for the Cloud US West data plane uses the following public IP addresses to reach customer networks, so add them to your firewall inbound allowed list for the AWS regions listed following.

  • 35.163.224.94

  • 44.226.137.227

  • 54.190.103.0

AWS Regions Requiring above IPs for US West Data Plane

  • af-south-1

  • ca-central-1

  • ca-west-1

  • sa-east-1

  • us-east-1

  • us-east-2

  • us-gov-east-1

  • us-gov-west-1

  • us-west-1

  • us-west-2

Illumio EU West (UK) Data Plane for AWS

The Illumio EU West (UK) data plane uses the following public IP addresses to reach customer networks, so add them to your firewall inbound allowed list:

  • 18.169.5.9

  • 13.41.233.77

  • 18.169.6.17

AWS Regions Requiring above IPs for EU West (UK) Data Plane

  • eu-central-1

  • eu-central-2

  • eu-north-1

  • eu-south-1

  • eu-south-2

  • eu-west-1

  • eu-west-2

  • eu-west-3

  • il-central-1

  • me-central-1

  • me-south-1

Illumio APAC Data Plane for AWS

The Illumio APAC data plane uses the following public IP addresses to reach customer networks, so add them to your firewall inbound allowed list for the AWS regions listed following:

  • 13.54.140.138/32

  • 52.63.108.169/32

  • 52.64.120.98/32

AWS Regions Requiring above IPs for APAC Data Plane

  • ap-east-1

  • ap-northeast-1

  • ap-northeast-2

  • ap-northeast-3

  • ap-south-1

  • ap-south-2

  • ap-southeast-1

  • ap-southeast-2

  • ap-southeast-3

  • ap-southeast-4

  • ap-southeast-5

  • ap-southeast-6

  • ap-southeast-7

  • cn-north-1

  • cn-northwest-1