Network Requirements
You need to allow inbound traffic from Coalesce and outbound traffic to Coalesce.
Assigning IP Addresses
In Snowflake, IP address policies can be assigned at the Account, Security Integration, and User levels, with a defined precedence. If a policy is set at the Account level, it applies to all users by default. However, a User-specific policy will override the Account policy, applying only to the designated user. Authentication methods like Username/Password and OAuth are subject to User-defined policies, while Key Pair authentication is user-specific, as it involves setting a public key directly for a Snowflake user. Review Snowflake Network policy precedence.
Allow Inbound Traffic from Coalesce
When using Coalesce, we will connect to Snowflake from the following IP addresses. Be sure to allow traffic from all IPs in the respective Coalesce region by locating your domain (URL) below.
Snowflake recommends using Network Rules to update network information.
Running ALTER ACCOUNT SET NETWORK_POLICY = '<COALESCE_NETWORK_POLICY>' will overwrite any existing network policies, which can lead to other users losing Snowflake access.
If there are current network policies, you should add the Coalesce IPs in the ALLOWED_IP_LIST to the existing policy, instead of replacing the entire policy.
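The following Snowflake SQL is an added example, not taken from Coalesce's documentation. It shows one way to append the Coalesce IPs to an existing policy through a network rule rather than replacing the account policy. The names existing_corp_policy, security_db.network, coalesce_ingress, coalesce_user_policy and coalesce_svc are hypothetical, and the 203.0.113.x addresses are placeholders from the RFC 5737 documentation range that stand in for the IPs of your Coalesce region.

```sql
-- Added example: object names and IPs are placeholders, not Coalesce's values.

-- 1. Check whether an account-level policy is already active and what it allows.
SHOW PARAMETERS LIKE 'NETWORK_POLICY' IN ACCOUNT;
SHOW NETWORK POLICIES;
DESCRIBE NETWORK POLICY existing_corp_policy;        -- hypothetical policy name

-- 2. Hold the Coalesce IPs in a network rule (a schema-level object).
CREATE NETWORK RULE security_db.network.coalesce_ingress   -- hypothetical db.schema
  TYPE = IPV4
  MODE = INGRESS
  VALUE_LIST = ('203.0.113.10', '203.0.113.11')      -- placeholder IPs
  COMMENT = 'Coalesce region IPs';

-- 3a. A policy already exists: append the rule. ADD keeps the rules that are
--     already attached, so other users' access is unchanged.
ALTER NETWORK POLICY existing_corp_policy
  ADD ALLOWED_NETWORK_RULE_LIST = ('security_db.network.coalesce_ingress');

--     If the existing policy uses ALLOWED_IP_LIST instead of rules, note that
--     SET replaces the whole list: restate every current entry reported by
--     DESCRIBE together with the Coalesce IPs.
-- ALTER NETWORK POLICY existing_corp_policy
--   SET ALLOWED_IP_LIST = ('<existing entries>', '203.0.113.10', '203.0.113.11');

-- 3b. Alternative: scope the allowance to the user Coalesce logs in as.
--     A user-level policy overrides the account policy for that user only,
--     so this user can then connect solely from the Coalesce IPs.
CREATE NETWORK POLICY coalesce_user_policy
  ALLOWED_NETWORK_RULE_LIST = ('security_db.network.coalesce_ingress');
ALTER USER coalesce_svc SET NETWORK_POLICY = coalesce_user_policy;  -- hypothetical user

-- 4. Confirm the result before closing the session you are working from.
DESCRIBE NETWORK POLICY existing_corp_policy;
SHOW PARAMETERS LIKE 'NETWORK_POLICY' IN USER coalesce_svc;
```

Run steps 3a and 3b as alternatives, not together, and keep an administrative session open until step 4 confirms that existing users are still allowed.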
Allow Outbound Traffic to Coalesce
Your network must allow outbound HTTPS connectivity to the following domains in order to connect to the Coalesce GUI, API, and/or CLI.
https://firestore.googleapis.com
https://firebasestorage.googleapis.com/
https://identitytoolkit.googleapis.com/
https://securetoken.googleapis.com/
https://storage.coalescesoftware.io/
https://app.coalescesoftware.io
https://*.app.coalescesoftware.io
https://app.eu.coalescesoftware.io/
https://*.app.eu.coalescesoftware.io/
https://app.australia-southeast1.gcp.coalescesoftware.io/
https://*.app.australia-southeast1.gcp.coalescesoftware.io/
https://app.us-east-1.aws.coalescesoftware.io/
https://*.app.us-east-1.aws.coalescesoftware.io/
https://app.us-west-2.aws.coalescesoftware.io/
https://*.app.us-west-2.aws.coalescesoftware.io/
Name | Description |
---|---|
https://firestore.googleapis.com | Database that holds all metadata. |
https://firebasestorage.googleapis.com | Sends deployment metadata from the client about deployments running in the cloud environment. |
https://identitytoolkit.googleapis.com | Authentication mechanism containing all users, providing the user with a JWT for OAuth. |
https://securetoken.googleapis.com | Allows Coalesce to exchange the Access Token for an OAuth JWT. |
https://storage.coalescesoftware.io | CDN hosting for all static assets such as images and JavaScript. |
https://app.coalescesoftware.io | The web application. |
https://*.app.coalescesoftware.io | An alias for the web application to allow SSO, such as redirecting to a specific organization. |
The Coalesce Command-Line Interface may be used to deploy and run Jobs in an Environment. This removes the requirement to allowlist Coalesce IP addresses. However, the above IPs are still used during design time (using the GUI build interface) to connect with the Snowflake warehouse.