---
title: IP addresses to allowlist
slug: '1831'
canonical_url: https://docs.coveo.com/en/1831/
collection: index-content
source_format: adoc
---
# IP addresses to allowlist
If your environment restricts communications by allowing only known IP addresses, you must allowlist Coveo's IP addresses.
This is however optional to use Coveo.

The addresses listed on this page should rarely change.
Should a change be required, Coveo would inform its customers in advance by contacting the administrators of all impacted organizations.

> **Important**
>
> This list is accurate as of the last documentation update. If you encounter connectivity issues even after allowlisting these IPs, please contact [Coveo Support](https://connect.coveo.com/s/case/Case/Default) to verify if any recent changes have occurred.


## Inbound communication

Inbound communication with Coveo takes place when the Coveo cloud-based [crawlers](https://docs.coveo.com/en/2121/) access your on-premises content to index it.

Salesforce customers should allowlist Coveo IP addresses when using [trusted IP ranges](https://help.salesforce.com/apex/HTViewHelpDoc?id=security_networkaccess.htm) to restrict access to your [organization](https://docs.coveo.com/en/185/).

The addresses to allowlist depend on the region where your Coveo organization is deployed.
Jump to the section that corresponds to your organization:

* [US organizations](#us-organizations)
* [Canadian organizations](#canadian-organizations)
* [European organizations](#european-organizations)
* [Australian organizations](#australian-organizations)
* [HIPAA organizations](#hipaa-organizations)

### US organizations

The following IP addresses are used by most Coveo organizations, namely those [deployed in the United States](https://docs.coveo.com/en/2976/):

[%header,cols="~,~"]
|===
|IP addresses
|CIDR notation

a|* `54.84.109.253`
* `54.84.122.250`
* `54.84.126.201`
* `54.84.126.206`
* `54.89.203.159`
* `34.228.114.92`
* `52.1.174.164`
* `34.206.208.119`
* `54.147.101.56`
* `3.143.63.87`
* `18.218.102.25`
* `18.218.142.66`
* `3.129.199.205`
* `18.222.105.207`
* `3.143.72.156`
a|* `54.84.109.253/32`
* `54.84.122.250/32`
* `54.84.126.201/32`
* `54.84.126.206/32`
* `54.89.203.159/32`
* `34.228.114.92/32`
* `52.1.174.164/32`
* `34.206.208.119/32`
* `54.147.101.56/32`
* `3.143.63.87/32`
* `18.218.102.25/32`
* `18.218.142.66/32`
* `3.129.199.205/32`
* `18.222.105.207/32`
* `3.143.72.156/32`
|===

> **Important**
>
> If you enter IP addresses using the CIDR notation, make sure to use the `/32` suffix to restrict the CIDR to a single IP address.
> 
> Using a suffix lower than `/32` would result in allowing a larger range of IP addresses, that is, allowing other AWS clients along with Coveo's specific IPs.

### Canadian organizations

The following IP addresses are used by organizations [deployed in Canada](https://docs.coveo.com/en/2976/):

[%header,cols="~,~"]
|===
|IP addresses
|CIDR notation

a|* `3.98.234.162`
* `15.156.144.217`
* `35.182.150.88`
* `99.79.134.66`
* `3.98.11.182`
* `3.97.174.104`
a|* `3.98.234.162/32`
* `15.156.144.217/32`
* `35.182.150.88/32`
* `99.79.134.66/32`
* `3.98.11.182/32`
* `3.97.174.104/32`
|===

> **Important**
>
> If you enter IP addresses using the CIDR notation, make sure to use the `/32` suffix to restrict the CIDR to a single IP address.
> 
> Using a suffix lower than `/32` would result in allowing a larger range of IP addresses, that is, allowing other AWS clients along with Coveo's specific IPs.

### European organizations

The following IP addresses are used by organizations [deployed in Ireland](https://docs.coveo.com/en/2976/):

[%header,cols="~,~"]
|===
|IP addresses
|CIDR notation

a|* `34.242.107.147`
* `54.170.3.6`
* `54.170.30.39`
* `54.228.23.165`
* `79.125.87.0`
* `52.38.148.217`
a|* `34.242.107.147/32`
* `54.170.3.6/32`
* `54.170.30.39/32`
* `54.228.23.165/32`
* `79.125.87.0/32`
* `52.38.148.217/32`
|===

> **Important**
>
> If you enter IP addresses using the CIDR notation, make sure to use the `/32` suffix to restrict the CIDR to a single IP address.
> 
> Using a suffix lower than `/32` would result in allowing a larger range of IP addresses, that is, allowing other AWS clients along with Coveo's specific IPs.

### Australian organizations

The following IP addresses are used by organizations [deployed in Australia](https://docs.coveo.com/en/2976/):

[%header,cols="~,~"]
|===

|IP addresses
|CIDR notation

a|* `13.236.154.182`
* `13.211.9.156`
* `3.106.44.249`
* `54.206.25.172`
* `52.65.144.94`
* `54.252.102.158`
a|* `13.236.154.182/32`
* `13.211.9.156/32`
* `3.106.44.249/32`
* `54.206.25.172/32`
* `52.65.144.94/32`
* `54.252.102.158/32`
|===

> **Important**
>
> If you enter IP addresses using the CIDR notation, make sure to use the `/32` suffix to restrict the CIDR to a single IP address.
> 
> Using a suffix lower than `/32` would result in allowing a larger range of IP addresses, that is, allowing other AWS clients along with Coveo's specific IPs.

### HIPAA organizations

The following IP addresses are used by Coveo HIPAA organizations only:

[%header,cols="~,~"]
|===

|IP addresses
|CIDR notation

a|* `52.207.117.192`
* `34.197.57.255`
* `34.198.140.110`
* `34.200.73.232`
* `52.55.181.180`
* `34.199.215.203`
* `18.214.193.57`
* `54.211.244.247`
* `52.4.190.210`
a|* `52.207.117.192/32`
* `34.197.57.255/32`
* `34.198.140.110/32`
* `34.200.73.232/32`
* `52.55.181.180/32`
* `34.199.215.203/32`
* `18.214.193.57/32`
* `54.211.244.247/32`
* `52.4.190.210/32`
|===

When these IP addresses aren't allowlisted, you'll see error codes such as `SALESFORCE_UNABLE_TO_AUTHENTICATE_IP_RESTRICTED` for Salesforce sources.

> **Important**
>
> If you enter IP addresses using the CIDR notation, make sure to use the `/32` suffix to restrict the CIDR to a single IP address.
> 
> Using a suffix lower than `/32` would result in allowing a larger range of IP addresses, that is, allowing other AWS clients along with Coveo's specific IPs.

## Outbound communication

Sometimes, you may also have to restrict the list of IP addresses with which your server can communicate with Coveo.
If you [use the Push API](https://docs.coveo.com/en/68/) or the [Coveo Crawling Module](https://docs.coveo.com/en/3260/), or if your server needs to perform queries, navigate to the [`AWS IP Ranges JSON`](https://ip-ranges.amazonaws.com/ip-ranges.json) and allowlist all IP address ranges that are associated with CloudFront edge servers and all ranges from your [primary deployment region](https://docs.coveo.com/en/2976/):

* `us-east-1` and `us-east-2` for organizations whose primary deployment is in the US region.
* `ca-central-1` for organizations whose primary deployment region is in the Canada region.
* `eu-west-1` for organizations whose primary deployment is in the Ireland region.
* `ap-southeast-2` for organizations whose primary deployment is in the Australia region.

Coveo for Sitecore customers should allowlist all necessary IP address ranges for the [various services this product calls](https://docs.coveo.com/en/2535/).