# Network access and IP AllowList requirements

export const s_runner = "Streaming runner";

export const m_runner = "Maia runner";

export const metl = "Matillion ETL";

export const maia = "Maia";

export const cdc_runner = "CDC agent";

If you are using the Full SaaS version of {maia}, you may need to configure your source systems to accept requests from a set range of IP addresses. If you are using the Hybrid SaaS version, meaning you have installed hybrid agents in your cloud infrastructure, and you don't want to allow unrestricted outbound access, you will need to allow access to a specified range of IP addresses.

***

## Agents and Git repositories

### Full SaaS

If you're using a Full SaaS {m_runner} configuration, you may need to allow the following IP address ranges from which {m_runner}s will call out to their source systems or to cloud data platforms. The IP addresses differ between EU, US, and AU regions.

UK and EU region:

```
3.253.125.96/28
3.145.243.112/28
```

US region:

```
44.213.193.16/28
13.39.113.112/28
```

AU region:

```
18.98.196.240/28
```

### Hybrid SaaS agents and Git repositories

This applies to both [{m_runner}s](/docs/guides/runner-overview) and [{s_runner}s](/docs/streaming/create-streaming-agent).

If you're using a Hybrid SaaS deployment, only outbound communication is required. For added security, and in addition to ensuring access to any data sources you want {maia} to use, allow the following IP address ranges to enable communication between the agent and {maia}. You must also allow outbound communication on port 443 from the agent container to {maia}.

For users connecting to their own external repositories (such as "connect your own Git" on GitHub or Azure DevOps), these IPs will need to be allowed on the repository or organization being connected to.

Note that these IP addresses vary between the EU, US, and AU regions.

UK and EU region:

```
3.252.50.48/28
13.38.202.208/28
3.252.108.192/28
```

US region:

```
44.211.122.80/28
3.145.235.48/28
44.211.178.192/28
```

AU region:

```
18.98.199.176/28
```

You also need to include the following DNS entries in your outbound allowlist:

Global:

```
keycloak.core.matillion.com
```

EU region:

```
opentelemetry.eu1.core.matillion.com
```

US region:

```
opentelemetry.us1.core.matillion.com
```

AU region:

```
opentelemetry.au1.core.matillion.com
```

Adding the Hybrid SaaS agent IP ranges listed above isn't a complete replacement for adding `*.matillion.com` to your domain allow list, as they serve different purposes. The IP ranges restrict outbound traffic from the agent container to specific Matillion endpoints. In contrast, `*.matillion.com` covers the broader set of Matillion services and endpoints required for normal platform operation. To ensure full functionality, add `*.matillion.com` to your domain allow list alongside any required IP ranges.

You must also ensure that any other internal services (for example, AWS or Azure) are accessible, as well as the source systems you wish to connect to (for example, Oracle or SAP).

Ensure connectivity from the agent container to your data warehouse. For example, when connecting to Snowflake, allow outbound access to ports 80 and 443. Port 443 is used for standard communication, while port 80 is required for [OCSP certificate validation checks](https://docs.snowflake.com/en/user-guide/ocsp#ocsp-certification-checks-require-port-80).
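
The following is an added example, not part of the Matillion documentation: a Python check that classifies an agent's outbound connections against the Hybrid SaaS IP ranges listed above for one region and the required port 443, which helps find gaps before an egress policy is enforced. The `dst_ip dst_port` record format and the sample records are constructed for illustration.

```python
import ipaddress

# Hybrid SaaS agent ranges, copied from the lists on this page.
HYBRID_RANGES = {
    "eu": ["3.252.50.48/28", "13.38.202.208/28", "3.252.108.192/28"],
    "us": ["44.211.122.80/28", "3.145.235.48/28", "44.211.178.192/28"],
    "au": ["18.98.199.176/28"],
}
AGENT_PORT = 443  # outbound port the page requires from the agent container

# Constructed sample records in an assumed "dst_ip dst_port" format.
SAMPLE_RECORDS = """\
3.252.50.50 443
3.252.50.64 443
13.38.202.210 80
44.211.122.85 443
not-an-ip 443
"""

def load_networks(region):
    """Parse one region's CIDRs; strict=True rejects a range with host bits set."""
    return [ipaddress.ip_network(cidr, strict=True) for cidr in HYBRID_RANGES[region]]

def classify(dst_ip, dst_port, networks):
    """Verdict for one outbound connection against the regional ranges."""
    try:
        addr = ipaddress.ip_address(dst_ip)
    except ValueError:
        return "unparsable"
    if not any(addr in net for net in networks):
        # Not an error by itself: warehouse, source-system and DNS-based
        # destinations need their own rules, as the page notes.
        return "not-listed"
    return "allowed" if dst_port == AGENT_PORT else "wrong-port"

def audit(text, region):
    """Group records by verdict so gaps in an egress policy are visible."""
    networks = load_networks(region)
    report = {}
    for line in text.splitlines():
        ip, port = line.split()
        report.setdefault(classify(ip, int(port), networks), []).append(line)
    return report

if __name__ == "__main__":
    for verdict, lines in audit(SAMPLE_RECORDS, "eu").items():
        print(verdict, lines)
```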

***

## Connecting Matillion ETL to Maia

When configuring a connection from {metl} to {maia}, add the following address to your allow list: `api.billing.matillion.com`.

If you need to allow a static IP address, allow the following outbound addresses (on port 443) in your security group:

```
13.248.217.21
76.223.69.85
```

Full details on connecting {metl} to {maia} are provided in [Configuring a connection from {metl} to {maia}](https://docs.matillion.com/metl/docs/4563017/).

***

## Custom connectors and Flex Connectors

You may need to allow the following IP addresses before using [custom connectors](/docs/guides/custom-connector-overview), [Flex connectors](/docs/guides/flex-connector-introduction) or [connecting to your own Git repository](/docs/guides/installing-git-provider-overview).

**UK and EU region:**

```
3.252.50.48/28
13.38.202.208/28
3.252.108.192/28
```

**US region:**

```
44.211.122.80/28
3.145.235.48/28
44.211.178.192/28
```

**AU region:**

```
18.98.199.176/28
```
