Network Requirements

You need to allow inbound and outbound traffic from Coalesce.

Allow IP Addresses at the Account Level

IP addresses should be on the allow list at the account level and not the user level.

Allow Inbound Traffic from Coalesce

When using Coalesce, we will connect to Snowflake from the following IP addresses. Be sure to allow traffic from all IPs in the respective Coalesce region by locating your domain (URL) below.

Snowflake recommends using Network Rules to update network information.

Updating Network Policies

Running ALTER ACCOUNT SET NETWORK_POLICY = ‘<COALESCE_NETWORK_POLICY> will overwrite any existing network policies, which can lead to other users losing Snowflake access.

If there are current network policies, you should add the Coalesce IPs in the ALLOWED_IP_LIST to the existing policy, instead of replacing the entire policy.

Google Cloud Platform (GCP)

United States (GCP)

US Central 1

Domain:app.coalescesoftware.io

IP Addresses:

184.36.82
122.41.172
197.181.174
197.239.181
42.195.106
68.106.79
68.120.84
223.203.238
132.232.62
123.199.186
30.33.202
193.16.39
239.135.16
41.250.208
222.123.215
121.9.26

Europe

Europe West 3

Domain: app.eu.coalescesoftware.io
IP Addresses:

89.191.247
89.148.26
246.145.217
141.50.108
159.114.61
198.174.119
159.236.68
141.97.246
141.85.173
159.92.100
234.79.196
246.181.59
159.213.117
198.149.245
198.130.208
159.109.127

Australia

Southeast 1

Domain: app.australia-southeast1.gcp.coalescesoftware.io

IP Addresses:

116.123.45
116.78.163
244.80.87
116.95.120
201.3.42
244.92.117
197.183.131
116.87.108
189.42.234
201.8.86
189.32.148
116.82.99
116.110.251
87.228.146
197.168.207
244.65.40

Microsoft Azure

United States (Azure)

Central US

Domain: app.centralus.azure.coalescesoftware.io
IP Address: 20.106.19.0/29

US West 2 (Azure)

Domain: app.westus2.azure.coalescesoftware.io
IP Address: 4.242.19.208/29

US East 2

Domain: app.eastus2.azure.coalescesoftware.io
IP Address: 172.210.156.64/29

Amazon Web Services (AWS)

United States

US East 1

Domain: app.us-east-1.aws.coalescesoftware.io
IP Addresses:

164.136.234
204.122.114
153.45.74
222.28.181
162.41.198
237.34.70
218.190.25
214.13.195
233.107.188
203.105.88
214.198.37
21.137.7
214.188.200
234.18.234
232.239.54

US West 2 (AWS)

Domain: app.us-west-2.aws.coalescesoftware.io
IP Addresses:

34.52.101
245.169.140
40.254.45
184.34.110
218.245.200
230.62.194
236.171.53
38.24.181
33.89.80
37.156.238
224.250.156
155.62.60
212.220.146
164.137.106
212.187.109

Allow Outbound Traffic to Coalesce

It's required to allow outbound HTTPS connectivity on your network to the following domains in order to connect to Coalesce GUI, API, and/or CLI.

https://firestore.googleapis.com
https://firebasestorage.googleapis.com/
https://identitytoolkit.googleapis.com/
https://securetoken.googleapis.com/
https://storage.coalescesoftware.io/
https://app.coalescesoftware.io
https://*.app.coalescesoftware.io
https://app.eu.coalescesoftware.io/
https://*.app.eu.coalescesoftware.io/
https://app.australia-southeast1.gcp.coalescesoftware.io/
https://*.app.australia-southeast1.gcp.coalescesoftware.io/
https://app.us-east-1.aws.coalescesoftware.io/
https://*.app.us-east-1.aws.coalescesoftware.io/
https://app.us-west-2.aws.coalescesoftware.io/
https://*.app.us-west-2.aws.coalescesoftware.io/

Name	Description
`https://firestore.googleapis.com`	Database that holds all metadata.
`https://firebasestorage.googleapis.com`	Send deployment metadata from the client about deployments running in the cloud environment.
`https://identitytoolkit.googleapis.com`	Authentication mechanism containing all users, providing the user with a JWT for OAuth.
`https://securetoken.googleapis.com`	Allows Coalesce to exchange the Access Token to an OAuth JWT.
`https://storage.coalescesoftware.io`	CDN hosting for all static assets such as images and JavaScript.
`https://app.coalescesoftware.io`	The web application.
`https://*.app.coalescesoftware.io`	An alias for the web application to allow SSO. Such as redirecting to a specific organization.

In-Network Command-Line Interface

The Coalesce Command-Line Interface may be used to deploy and run Jobs in an Environment. This omits the requirement to allow list Coalesce IP addresses. However, the above IPs are still used during design time (using the GUI build interface) to connect with the Snowflake warehouse.

Assigning IP Addresses

In Snowflake, IP address policies can be assigned at the Account, Security Integration, and User levels, with a defined precedence. If a policy is set at the Account level, it applies to all users by default. However, a User-specific policy will override the Account policy, applying only to the designated user. Authentication methods like Username/Password and OAuth are subject to User-defined policies, while Key Pair authentication is user-specific, as it involves setting a public key directly for a Snowflake user. Review Snowflake Network policy precedence

Allow Inbound Traffic from Coalesce​

Google Cloud Platform (GCP)​

United States (GCP)​

US Central 1​

Europe​

Europe West 3​

Australia​

Southeast 1​

Microsoft Azure​

United States (Azure)​

Central US​

US West 2 (Azure)​

US East 2​

Amazon Web Services (AWS)​

United States​

US East 1​

US West 2 (AWS)​

Allow Outbound Traffic to Coalesce​

Assigning IP Addresses​