Pipeline using VPC endpoint or Bitbucket account
Platform notice: Cloud only - This article applies only to Atlassian products on the cloud platform.
Summary
If the correct IPs are already whitelisted in your corporate firewall, check for these two possible issues:
The AWS S3 resource is inaccessible from the Pipeline
Or the IP accessing the S3 resource is different from the whitelisted IPs
Solution
When AWS tries to access a resource in the same region that Bitbucket Pipeline is running in, it uses internal VPC tunneling to access the AWS resource. In this case, AWS internal private IPs are used for the connection instead of public IPs. Bitbucket Cloud does this to significantly increase the performance of caches and artifacts (among other things) and reduce build times.
Unfortunately, this also means that requests for those services do not come from the documented public IP ranges. The pipeline runs in either the us-east-1 region or us-west-2, based on the Pipeline failover strategy.
To resolve this, whitelist the VPC endpoint IDs below in the policy of the affected resource; this should fix the problem.
The VPC details used by Pipeline are listed in the following table:
Cluster name | VPC Endpoint |
---|---|
prod1.us-west-2 | vpce-02695b404b6173e31 |
prod1.us-east-1 | vpce-0de8dff0d15d1f136 |
prod2.us-east-1 | vpce-0a2e337c9bd0e91c0 |
prod3.us-east-1 | vpce-00fa4667d3afab957 |
prod4.us-east-1 | vpce-0c1cad66851b2ad32 |
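One way to express that whitelist for an S3 bucket, as an added example that is not Atlassian's own code: it builds a bucket policy that denies requests unless they come from an allowed public CIDR or from one of the VPC endpoints in the table, using the `aws:SourceIp` and `aws:SourceVpce` condition keys. The bucket name, the CIDR and the function names are constructed placeholders, and `is_denied` is a simplified model of how that single statement is evaluated, not an AWS API.

```python
import ipaddress
import json

# VPC endpoint IDs copied from the table above.
PIPELINES_VPCE_IDS = [
    "vpce-02695b404b6173e31",  # prod1.us-west-2
    "vpce-0de8dff0d15d1f136",  # prod1.us-east-1
    "vpce-0a2e337c9bd0e91c0",  # prod2.us-east-1
    "vpce-00fa4667d3afab957",  # prod3.us-east-1
    "vpce-0c1cad66851b2ad32",  # prod4.us-east-1
]

def build_bucket_policy(bucket, allowed_cidrs, vpce_ids=PIPELINES_VPCE_IDS):
    """Deny requests that match neither an allowed CIDR nor an allowed endpoint.

    Both tests sit in ONE statement because the operators of a condition
    block are ANDed. Two separate Deny statements would reject everything.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyUnlessAllowedIpOrPipelinesVpce",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {
                "NotIpAddress": {"aws:SourceIp": list(allowed_cidrs)},
                "StringNotEquals": {"aws:SourceVpce": list(vpce_ids)},
            },
        }],
    }

def is_denied(policy, source_ip=None, source_vpce=None):
    """Simplified model of the Deny statement (an assumption, not an AWS API).

    A negated operator is true when its key is absent: aws:SourceVpce on
    public requests, aws:SourceIp on requests through a VPC endpoint.
    """
    cond = policy["Statement"][0]["Condition"]
    cidrs = cond["NotIpAddress"]["aws:SourceIp"]
    ip_outside = source_ip is None or not any(
        ipaddress.ip_address(source_ip) in ipaddress.ip_network(c) for c in cidrs)
    vpce_outside = source_vpce not in cond["StringNotEquals"]["aws:SourceVpce"]
    return ip_outside and vpce_outside

if __name__ == "__main__":
    # "example-bucket" and 203.0.113.0/24 are constructed placeholders.
    print(json.dumps(build_bucket_policy("example-bucket", ["203.0.113.0/24"]), indent=2))
```

A Deny this broad also applies to administrators connecting from outside the listed ranges, so narrow `Action` or `Principal` to what the pipeline needs before attaching it. The statement only restricts access; the pipeline's credentials still need a matching Allow.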