Skip to content

Allowing IP addresses

Allowing IP addresses lets you control access to the Data Productivity Cloud, its agents, and other services based on specified IP addresses or IP ranges. This capability significantly enhances the security posture of Data Productivity Cloud environments by restricting access to authorized entities only.

Contact your network administrator for more information regarding allowing IP addresses in your infrastructure.

Security best practices for allowing IP addresses

IP address access control

Define clear policies regarding which IP addresses or IP ranges should be permitted to connect to Matillion instances. By mitigating potential risks associated with unauthorized access, organizations can safeguard sensitive data and resources hosted on the platform.

Adaptive controls

Implement dynamic IP allowance mechanisms to accommodate users connecting from dynamic IP addresses, such as remote workers or mobile devices. Adaptive controls ensure that legitimate users can access Matillion instances while maintaining security standards.

Continuous monitoring and review

Regularly monitor and review the IP allow list to identify and address any unauthorized access attempts or changes in access requirements. This proactive approach strengthens the overall security posture of Data Productivity Cloud environments and reduces the risk of unauthorized access.

Data Loader Batch

Allow the following addresses on secured data sources to allow inbound connections from Data Productivity Cloud services.

UK and EU region:

52.214.186.180
52.49.22.171
52.31.2.16

US region:

3.208.192.70
3.225.159.82
34.194.165.235 
34.206.117.88

Data Loader CDC

Allow outbound communication on port 443 from the agent container to the Hub for initiating the websocket connection. The initial connection is from the agent out to the Hub—ongoing communication is then bidirectional, but there is no need to allow inbound traffic.

The specific endpoints that the agent must communicate with are:

ws-us.matillion-cdc-prod.matillion.com 
ws-eu.matillion-cdc-prod.matillion.com

Agents

Full SaaS

If you're using a Full SaaS agent configuration, you may need to allow the following IP address ranges from which agents will call out to their source systems or to cloud data platforms. The IP addresses differ between EU and US regions.

UK and EU region:

3.253.125.96/28
3.145.243.112/28

US region:

44.213.193.16/28
13.39.113.112/28

Hybrid SaaS

If you're using Hybrid SaaS agent configuration, note that it only necessitates outbound communication. For added security measures—along with ensuring access to any desired data sources for the Data Productivity Cloud—you need to allow the following IP address ranges to enable communication between the agent and the Data Productivity Cloud. Note that these IP addresses vary between the EU and US regions.

UK and EU region:

3.252.50.48/28
13.38.202.208/38

US region:

44.211.122.80/28
3.145.235.48/28

Hub

When configuring a connection from Matillion ETL to the Hub, allow list the following address: api.billing.matillion.com.

If you need to allow a static IP address, allow the following outbound addresses (on port 443) in your security group:

13.248.217.21
76.223.69.85

Full details on connecting Matillion ETL to the Hub are provided in Configuring a connection from Matillion ETL to the Hub.

Custom connectors

You may need to allow the following IP addresses before using custom connectors or Flex connectors:

UK and EU region:

3.252.50.48/28
13.38.202.208/28

US region:

44.211.122.80/28
3.145.235.48/28