Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.maia.ai/llms.txt

Use this file to discover all available pages before exploring further.

If you are using the Full SaaS version of , you may need to configure your source systems to accept requests from a set range of IP addresses. If the Hybrid SaaS version means you have installed some hybrid agents in your cloud infrastructure and don’t want to allow unrestricted outbound access, then you will need to allow access to a specified range of IP addresses.

Agents and Git repositories

Full SaaS

If you’re using a Full SaaS configuration, you may need to allow the following IP address ranges from which s will call out to their source systems or to cloud data platforms. The IP addresses differ between EU and US regions. UK and EU region: 
3.253.125.96/28
3.145.243.112/28
US region: 
44.213.193.16/28
13.39.113.112/28

Hybrid SaaS agents and Git repositories

This applies to both s and s. If you’re using a Hybrid SaaS deployment, note that it only necessitates outbound communication. For added security measures—along with ensuring access to any desired data sources for —you need to allow the following IP address ranges to enable communication between the agent and . You must also allow outbound communication on port 443 from the agent container to . For users connecting to their own external repositories (such as “connect your own Git” on Github or Azure DevOps), these IPs will need to be allowed on the repository or organization being connected to. Note that these IP addresses vary between the EU and US regions. UK and EU region: 
3.252.50.48/28
13.38.202.208/28
3.252.108.192/28
US region: 
44.211.122.80/28
3.145.235.48/28
44.211.178.192/28
You also need to include the following DNS entries in your outbound allowlist: Global: 
keycloak.core.matillion.com
EU region: 
opentelemetry.eu1.core.matillion.com
US region: 
opentelemetry.us1.core.matillion.com
Adding the Hybrid SaaS agent IP ranges listed above isn’t a complete replacement for adding *.matillion.com to your domain allow list, as they serve different purposes. The IP ranges restrict outbound traffic from the agent container to specific Matillion endpoints. In contrast, *.matillion.com covers the broader set of Matillion services and endpoints required for normal platform operation. To ensure full functionality, add *.matillion.com to your domain allow list alongside any required IP ranges. You must also ensure that any other internal services (for example, AWS or Azure) are accessible, as well as the source systems you wish to connect to (for example, Oracle or SAP). Ensure connectivity from the agent container to your data warehouse. For example, when connecting to Snowflake, allow outbound access to ports 80 and 443. Port 443 is used for standard communication, while port 80 is required for OCSP certificate validation checks.

Connecting Matillion ETL to Maia

When configuring a connection from to , allow list the following address: api.billing.matillion.com. If you need to allow a static IP address, allow the following outbound addresses (on port 443) in your security group: 
13.248.217.21
76.223.69.85
Full details on connecting to are provided in Configuring a connection from to .

Custom connectors and Flex Connectors

You may need to allow the following IP addresses before using custom connectors, Flex connectors or connecting to your own Git repository. UK and EU region: 
3.252.50.48/28
13.38.202.208/28
3.252.108.192/28
US region: 
44.211.122.80/28
3.145.235.48/28
44.211.178.192/28

Data Loader CDC

Allow outbound communication on port 443 from the container to for initiating the websocket connection. The initial connection is from the out to —ongoing communication is then bidirectional, but there is no need to allow inbound traffic. The specific endpoints that the must communicate with are: 
ws-us.matillion-cdc-prod.matillion.com
ws-eu.matillion-cdc-prod.matillion.com