0

We are trying to build a Salesforce API integration for our platform that will be called from a service in Cloud Run. The client has asked us for the range of IP addresses that the service will be called from, as their Salesforce account has requires a whitelist of IP addresses for connected apps.

We have mapped a custom domain to the cloud run instance using the Domain Mappings feature, which involved setting some A and AAAA records to map it successfully.

Do we just need to provide the client with this list of IP addresses? Or do we have to go through the process of assigning a static IP address?

We have set up Cloud Run to use a custom domain using the Domain Mappings feature. We're aware it's possible to set up a static IP address https://cloud.google.com/run/docs/configuring/static-outbound-ip we just need to know if it's required if they have asked for a range.

Tomdavenport1
  • 3
  • 2

1 Answers1

1

Google publishes an IP address list. That covers all Google services including user resources such as Compute Engine. That list is large and not secure because it includes services allocated to customers. If your vendor requires an IP address to whitelist, you must allocate a NAT Gateway, assign it a static IP address, and then route Cloud Run traffic through your VPC. There are guides and tutorials on setting that up such as this one:

Static outbound IP address

John Hanley
  • 74,467
  • 6
  • 95
  • 159
  • Thanks, follow up question - probably a separate question - If I map a custom domain using the "Domain Mappings" feature, will that include the standard cloud armor WAF protection, or does cloud armor only apply to services using a load balancer? – Tomdavenport1 Jun 12 '23 at 09:34
  • @Tomdavenport1 - Cloud Armor is not part of Cloud Run. Cloud Armor is attached to a load balancer. The Google Frontend (GFE) does provide some protection. Create a new post for more information. – John Hanley Jun 12 '23 at 13:48