Skip to main content

Network Requirements

You need to allow inbound and outbound traffic from Coalesce.

Assigning IP Addresses

In Snowflake, IP address policies can be assigned at the Account, Security Integration, and User levels, with a defined precedence. If a policy is set at the Account level, it applies to all users by default. However, a User-specific policy will override the Account policy, applying only to the designated user. Authentication methods like Username/Password and OAuth are subject to User-defined policies, while Key Pair authentication is user-specific, as it involves setting a public key directly for a Snowflake user. Review Snowflake Network policy precedence.

Allow Inbound Traffic from Coalesce

When using Coalesce, we will connect to Snowflake from the following IP addresses. Be sure to allow traffic from all IPs in the respective Coalesce region by locating your domain (URL) below.

Snowflake recommends using Network Rules to update network information.

Updating Network Policies

Running ALTER ACCOUNT SET NETWORK_POLICY = ‘<COALESCE_NETWORK_POLICY> will overwrite any existing network policies, which can lead to other users losing Snowflake access.

If there are current network policies, you should add the Coalesce IPs in the ALLOWED_IP_LIST to the existing policy, instead of replacing the entire policy.

Loading data...

Allow Outbound Traffic to Coalesce

It's required to allow outbound HTTPS connectivity on your network to the following domains in order to connect to Coalesce GUI, API, and/or CLI.

https://firestore.googleapis.com
https://firebasestorage.googleapis.com/
https://identitytoolkit.googleapis.com/
https://securetoken.googleapis.com/
https://storage.coalescesoftware.io/
https://app.coalescesoftware.io
https://*.app.coalescesoftware.io
https://app.eu.coalescesoftware.io/
https://*.app.eu.coalescesoftware.io/
https://app.australia-southeast1.gcp.coalescesoftware.io/
https://*.app.australia-southeast1.gcp.coalescesoftware.io/
https://app.us-east-1.aws.coalescesoftware.io/
https://*.app.us-east-1.aws.coalescesoftware.io/
https://app.us-west-2.aws.coalescesoftware.io/
https://*.app.us-west-2.aws.coalescesoftware.io/
NameDescription
https://firestore.googleapis.comDatabase that holds all metadata.
https://firebasestorage.googleapis.comSend deployment metadata from the client about deployments running in the cloud environment.
https://identitytoolkit.googleapis.comAuthentication mechanism containing all users, providing the user with a JWT for OAuth.
https://securetoken.googleapis.comAllows Coalesce to exchange the Access Token to an OAuth JWT.
https://storage.coalescesoftware.ioCDN hosting for all static assets such as images and JavaScript.
https://app.coalescesoftware.ioThe web application.
https://*.app.coalescesoftware.ioAn alias for the web application to allow SSO. Such as redirecting to a specific organization.
In-Network Command-Line Interface

The Coalesce Command-Line Interface may be used to deploy and run Jobs in an Environment. This omits the requirement to allow list Coalesce IP addresses. However, the above IPs are still used during design time (using the GUI build interface) to connect with the Snowflake warehouse.