IBM Cloud Docs
Code Engine public and private IP addresses

Code Engine public and private IP addresses

When you deploy your Code Engine app, job, or function, the workload is deployed to a known list of possible network addresses, depending on the deployment region. You can add these IP addresses to an allowlist in your firewall; however, you must accept the drawbacks and risks that are involved in this action.

  • When Code Engine runs an application, job, or function, it selects an arbitrary system from a large pool of systems for running the workload. Load conditions and system health influence the system selection. Systems are also dynamically added and removed from this pool without warning, making the list of potential network addresses large and dynamic. Your allowlist might not be stable and work reliably.
  • These network addresses are not exclusive to a single tenant and by granting access to these network addresses, you are also granting access for all other workloads, which might be owned by other tenants that are running on Code Engine.

Because of these reasons, this approach is not recommended. However, if you accept these risks, then follow these steps to find the network addresses that are used by your Code Engine workload.

Depending on your scenario, you can send requests to a third-party proxy service. Proxy services provide static IP addresses that you can add to your allowlist. For more information, see How can I add my Code Engine application to an allowlist?

You can list all egress IP addresses, both public and private that are used by Code Engine workloads in a specific project with the Code Engine API. For more information, see List egress IP addresses.

When you are working with a component in Code Engine from the console such as apps, jobs, or functions, or their related entities such as access, bindings, or subscriptions, you can view details about the associated project. From the page of the particular Code Engine entity, click Details to learn more about the associated project. Use this page to view details of the associated project, which includes information such as the region, CRN (Cloud Resource Name), GUID (globally unique identifier), network addresses (public and private), and more!