Network Requirements
You need to allow inbound and outbound traffic from Coalesce.
Assigning IP Addresses
In Snowflake, IP address policies can be assigned at the Account, Security Integration, and User levels, with a defined precedence. If a policy is set at the Account level, it applies to all users by default. However, a User-specific policy will override the Account policy, applying only to the designated user. Authentication methods like Username/Password and OAuth are subject to User-defined policies, while Key Pair authentication is user-specific, as it involves setting a public key directly for a Snowflake user. Review Snowflake Network policy precedence.
Allow Inbound Traffic from Coalesce
When using Coalesce, we will connect to Snowflake from the following IP addresses. Be sure to allow traffic from all IPs in the respective Coalesce region by locating your domain (URL) below.
Snowflake recommends using Network Rules to update network information.
Running ALTER ACCOUNT SET NETWORK_POLICY = ‘<COALESCE_NETWORK_POLICY> will overwrite any existing network policies, which can lead to other users losing Snowflake access.
If there are current network policies, you should add the Coalesce IPs in the ALLOWED_IP_LIST to the existing policy, instead of replacing the entire policy.
Australia Google
Region: australia-southeast1 (Sydney)
URL: https://app.australia-southeast1.gcp.coalescesoftware.io/
https://app.australia-southeast1.gcp.coalescesoftware.io/34.116.110.251
34.116.123.45
34.116.78.163
34.116.82.99
34.116.87.108
34.116.95.120
34.87.228.146
35.189.32.148
35.189.42.234
35.197.168.207
35.197.183.131
35.201.3.42
35.201.8.86
35.244.65.40
35.244.80.87
35.244.92.117
Canada Google
Region: northamerica-northeast1 (Montreal)
URL: https://app.northamerica-northeast1.gcp.coalescesoftware.io/
https://app.northamerica-northeast1.gcp.coalescesoftware.io/34.118.171.109
34.118.176.56
34.118.178.143
34.118.179.59
34.118.184.77
34.118.185.237
34.152.40.243
34.152.47.123
34.152.60.126
34.47.5.183
34.95.52.67
34.95.61.156
35.203.101.36
35.203.19.34
35.203.75.25
35.234.250.12
Europe AWS
Region: eu-west-2 (London)
13.41.248.239
13.42.148.76
18.130.7.21
18.135.253.206
18.169.255.196
18.169.99.238
18.170.155.204
18.171.123.197
18.171.85.167
3.11.196.74
3.11.205.107
35.176.253.104
35.179.219.167
35.179.57.161
52.56.161.32
Europe Google
Region: europe-west-3 (Frankfurt)
34.141.50.108
34.141.85.173
34.141.97.246
34.159.109.127
34.159.114.61
34.159.213.117
34.159.236.68
34.159.92.100
34.89.148.26
34.89.191.247
35.198.130.208
35.198.149.245
35.198.174.119
35.234.79.196
35.246.145.217
35.246.181.59
Region: europe-west-1 (Belgium)
34.140.252.240
34.140.40.119
34.34.187.119
34.38.117.20
34.76.46.108
34.77.175.48
34.77.181.190
34.77.250.125
34.78.168.214
34.78.28.102
34.79.56.185
35.195.233.21
35.205.140.116
35.205.76.35
35.241.242.232
United States AWS
Region: us-east-1 (Virginia)
18.214.188.200
23.21.137.7
3.222.28.181
3.233.107.188
34.232.239.54
34.234.18.234
35.153.45.74
44.214.13.195
44.214.198.37
44.218.190.25
52.203.105.88
54.162.41.198
54.164.136.234
54.204.122.114
54.237.34.70
Region: us-west-2 (Oregon)
34.212.187.109
34.212.220.146
35.155.62.60
35.164.137.106
44.224.250.156
44.230.62.194
44.236.171.53
52.33.89.80
52.34.52.101
52.37.156.238
52.38.24.181
52.40.254.45
54.184.34.110
54.218.245.200
54.245.169.140
United States Azure
Region: centralus (Iowa)
20.106.19.0/29
20.106.19.8/29
Region: eastus2 (Virginia)
172.210.156.64/29
172.210.156.8/29
Region: westus2 (Washington)
4.242.19.208/29
4.242.19.112/29
Region: southcentral (San Antonio)
4.151.11.104/29
4.151.11.96/29
United States Google
Region: us-central1 (Iowa)
104.197.181.174
104.197.239.181
34.121.9.26
34.122.41.172
34.123.199.186
34.132.232.62
34.30.33.202
34.41.250.208
34.42.195.106
34.68.106.79
34.68.120.84
35.184.36.82
35.193.16.39
35.222.123.215
35.223.203.238
35.239.135.16
Allow Outbound Traffic to Coalesce
It's required to allow outbound HTTPS connectivity on your network to the following domains in order to connect to Coalesce GUI, API, and/or CLI.
https://firestore.googleapis.com
https://firebasestorage.googleapis.com/
https://identitytoolkit.googleapis.com/
https://securetoken.googleapis.com/
https://storage.coalescesoftware.io/
https://app.coalescesoftware.io
https://*.app.coalescesoftware.io
https://app.eu.coalescesoftware.io/
https://*.app.eu.coalescesoftware.io/
https://app.australia-southeast1.gcp.coalescesoftware.io/
https://*.app.australia-southeast1.gcp.coalescesoftware.io/
https://app.us-east-1.aws.coalescesoftware.io/
https://*.app.us-east-1.aws.coalescesoftware.io/
https://app.us-west-2.aws.coalescesoftware.io/
https://*.app.us-west-2.aws.coalescesoftware.io/
| Name | Description |
|---|---|
https://firestore.googleapis.com | Database that holds all metadata. |
https://firebasestorage.googleapis.com | Send deployment metadata from the client about deployments running in the cloud environment. |
https://identitytoolkit.googleapis.com | Authentication mechanism containing all users, providing the user with a JWT for OAuth. |
https://securetoken.googleapis.com | Allows Coalesce to exchange the Access Token to an OAuth JWT. |
https://storage.coalescesoftware.io | CDN hosting for all static assets such as images and JavaScript. |
https://app.coalescesoftware.io | The web application. |
https://*.app.coalescesoftware.io | An alias for the web application to allow SSO. Such as redirecting to a specific organization. |
The Coalesce Command-Line Interface may be used to deploy and run Jobs in an Environment. This omits the requirement to allow list Coalesce IP addresses. However, the above IPs are still used during design time (using the GUI build interface) to connect with the Snowflake warehouse.