Skip to main content

Intro

To access your data using connectors, federated adapters (cloud-based/agentless), or Domo Cloud Amplifier, Domo initiates network connections to your data sources. For these connections to succeed, Domo’s IP addresses need to be allowed through any firewall or other security methods in place for your data sources. Allowlisting (whitelisting) these Domo IP addresses ensures that Domo can connect to your data while still blocking access from other, non-trusted sources.
Note: The federated agent (on-prem deployment) does not require incoming IP allowlisting. For more information about the federated agent architecture, see Manage Your Federated Data Connection.

IP Addresses to Allowlist

Important: The IPs listed below must be allowlisted for your data source (for example, on the firewall or security group protecting your database). You should not add these IPs to the allowlist in your Domo instance. Doing so will block access to your instance from anyone who is not coming from an IP address on the list. If you add these IPs to the allowlist in your Domo instance rather than on your server, users attempting to log into your instance will receive an error that says, “We’re sorry but the system is not performing right now.”
To ensure consistent access to your data from Domo connectors, federated adapters, and/or Cloud Amplifier, you must allow all of the IPs in the section below that corresponds to where your Domo instance is hosted. IPs are given using CIDR notation for convenience when working with AWS Security Groups and other network security systems.
Note: If you are unsure where your Domo instance is hosted, it is most likely US East (AWS).
Tip: A /32 after an IP address is CIDR notation for a single address. Smaller numbers, such as /27, indicate a range of IP addresses.Ex: 3.214.145.64/27 means the range of IPs from 3.214.145.64 to 3.214.145.95 inclusive.
US East (AWS):
3.214.145.64/27 (Includes all IPs from 3.214.145.64 through 3.214.145.95 inclusive.)
54.208.87.122/32
54.208.94.194/32
54.208.95.167/32
54.208.95.237/32
34.202.52.248/32
US East (Azure):
13.92.125.193/32
40.76.8.174/32
US West (AWS):
35.82.136.240/28 (Includes all IPs from 35.82.136.240 through 35.82.136.255 inclusive.)
Australia (AWS):
3.27.80.112/29 (Includes all IPs from 3.27.80.112 through 3.27.80.119 inclusive.)
52.62.103.83/32
Canada (AWS)
15.222.16.24/29 (Includes all IPs from 15.222.16.24 through 15.222.16.31 inclusive.)
Ireland (AWS):
3.252.161.192/29 (Includes all IPs from 3.252.161.192 through 3.252.161.199 inclusive.)
52.18.90.222/32
Japan (AWS):
43.206.163.48/29 (Includes all IPs from 43.206.163.48 through 43.206.163.55 inclusive.)
54.168.46.79/32
India (AWS):
18.96.224.88/29 (Includes all IPs from 18.96.224.88 through 18.96.224.95 inclusive).
Note: For the JSON Advanced Connector, you need to allowlist the IP 34.198.214.100

S3 Bucket Policy for the Amazon S3 Connectors

If your S3 bucket is in a different region than your Domo instance, you should allow the relevant public IPs from the list above. However, if all the following conditions are true, you must allow the Domo VPC Endpoint ID from the list below in your S3 bucket policy. This is because Domo uses a private VPC endpoint for S3 data hosted in the same AWS region as your Domo instance.
  • You use any of the Domo S3 connectors
  • Your Domo instance is in the same region as your S3 bucket
  • You restrict network access via a bucket policy

VPC Endpoint IDs by (Domo) AWS Region

Region

VPC Endpoint IDs

us-east-1 (N. Virginia)

vpce-3857b651

us-west-2 (Oregon)

vpce-0fe65844cf2a31f0a

ap-southeast-2 (Sydney)

vpce-bf4fa1d6

eu-west-1 (Ireland)

vpce-c4788cad

ap-northeast-1 (Tokyo)

vpce-0055e53d26f729c54

ca-central-1 (Canada Central)

vpce-058575bcc0a0034ae

ap-south-1 (Mumbai)

vpce-0c204a0d7fb77896e