Ports and IP-Addresses
This page lists the ports and IP-addresses iconik uses when communicating.
Ports
HTTPS - Port 443
All communication with iconik itself is performed over HTTPS (or its variants HTTP/2 or QUIC) on port 443. All communication is initiated from the client.
Direct ISG-to-ISG transfer - Default port 8443
When two iconik Storage Gateways are configured to allow direct transfers, they can communicate over the customer's internal network. The default port for this is 8443, but it can be changed in the Storage Settings. For more information see the Direct ISG-to-ISG transfer page.
IP Addresses
iconik is available on Google Cloud and AWS. The IP addresses used for accessing each system are different and are listed below.
Incoming IP-addresses
The only IP-addresses iconik uses for incoming traffic are the ones resolved from the following hostnames:
Incoming Google Cloud
- app.iconik.io - 35.227.253.187
- eu.iconik.io - 34.120.119.116
- us.iconik.io - 35.244.244.40
Incoming AWS
For iconik on AWS we use AWS Elastic Load Balancers, which don't use static IP addresses. Because of this we cannot give exact IP addresses for whitelisting incoming connections to the iconik system. The system uses the hostnames listed below, which you can use to restrict traffic if your system supports restricting based on hostnames.
- app.aws.iconik.io
- eu.aws.iconik.io
- us.aws.iconik.io
Incoming Additional information
In addition to this, iconik will also reference resources hosted in cloud buckets. The exact addresses for these will depend on the storage service used. If exact addresses are required for your firewall configuration, please reach out to iconik support.
The standard iconik buckets for files, proxies and keyframes use https://storage.googleapis.com/ as the endpoint. This endpoint does not have a static IP address, so if you need to limit connectivity you will either have to use the URL, if your firewall/proxy supports this, or set up a dedicated cloud bucket for files, proxies and keyframes with a static IP.
Outgoing IP-addresses
Custom actions and webhook callbacks are initiated from iconik. These requests will always originate from one of the following addresses:
Outgoing Google Cloud
These addresses are used for outgoing connections from iconik on Google Cloud:
- 35.189.220.183 (EU)
- 34.78.105.187 (EU)
- 35.224.65.52 (US)
- 35.194.10.191 (US)
Outgoing AWS
These addresses are used for outgoing connections from iconik on AWS:
- 13.53.65.73 (EU)
- 44.224.72.151 (US)
Outgoing additional information
Please note that the above addresses are used only for webhooks and custom actions. For storage access we use dynamic addresses assigned by Google or AWS respectively. For Google Cloud you can find the full list of IP addresses used at https://cloud.google.com/compute/docs/faq#find_ip_range and for AWS at https://docs.aws.amazon.com/vpc/latest/userguide/aws-ip-ranges.html. These lists are updated periodically, and we have no control over which addresses are assigned to our compute resources. If you use bring-your-own-bucket for storage, you will need to make sure you open up the ports and IP addresses used by the storage vendor.
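A receiver for webhooks or custom actions can check the request source against the outgoing addresses listed above. The following is an added example, not iconik code: the function names, the trusted_proxies parameter and the 10.0.0.0/8 proxy range used to exercise it are assumptions. It honours X-Forwarded-For only when the TCP peer is one of your own proxies, since the header is otherwise client-controlled.

```python
import ipaddress

# Source addresses for webhooks and custom actions, copied from the lists above.
ICONIK_SOURCES = {
    "gcp": ("35.189.220.183", "34.78.105.187", "35.224.65.52", "35.194.10.191"),
    "aws": ("13.53.65.73", "44.224.72.151"),
}

def _parse(text):
    """Parse an address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) from dual-stack listeners."""
    ip = ipaddress.ip_address(text.strip())
    return ip.ipv4_mapped if ip.version == 6 and ip.ipv4_mapped else ip

def build_allowlist(platforms=("gcp", "aws")):
    """Allowlist for the iconik platform(s) your account actually lives on."""
    return frozenset(_parse(a) for p in platforms for a in ICONIK_SOURCES[p])

def effective_source(peer, forwarded_for, trusted_proxies):
    """Address to test: the TCP peer, unless the peer is one of our own proxies.

    X-Forwarded-For is read right to left, skipping our proxies; entries
    further left are client-supplied and cannot be trusted.
    """
    nets = [ipaddress.ip_network(n) for n in trusted_proxies]
    trusted = lambda ip: any(ip in net for net in nets)
    peer_ip = _parse(peer)
    if not forwarded_for or not trusted(peer_ip):
        return peer_ip
    for hop in reversed(forwarded_for.split(",")):
        ip = _parse(hop)
        if not trusted(ip):
            return ip
    return peer_ip

def is_iconik_source(peer, forwarded_for=None, trusted_proxies=(), allowlist=None):
    """True only if the request's effective source is a listed iconik address."""
    if allowlist is None:
        allowlist = build_allowlist()
    try:
        return effective_source(peer, forwarded_for, trusted_proxies) in allowlist
    except ValueError:  # malformed address or header: reject
        return False
```

Pass build_allowlist(("aws",)) or build_allowlist(("gcp",)) as the allowlist to accept only the platform your iconik account runs on.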
Outgoing Email
The iconik service uses Sendgrid for outgoing email. Outgoing email is sent with the envelope from domain em8139.iconik.io and the user-visible email address is always from the iconik.io domain (such as noreply@iconik.io or similar).
Outgoing email from the iconik service is currently sent from the following IP addresses and hostnames, though this is subject to change at short notice if we have to for operational reasons:
- 149.72.176.194 - o1.sendgrid-out.iconik.io
- 159.183.135.8 - o2.sendgrid-out.iconik.io
Email from the iconik.io domain may sometimes also be sent from other sources, such as our support system or our email marketing system. If you wish to obtain a full list of potential IP addresses, you can look up the addresses listed in our SPF records using a free SPF lookup service such as https://dmarcian.com/spf-survey/
All iconik email is sent with DKIM signatures and will only be sent from sources listed in our SPF record.