Some third-party platforms may find it necessary to whitelist connections made from your Porter-provisioned infrastructure. This guide walks you through determining the egress IPs used by your applications.

AWS

AWS CLI

After ensuring you have the AWS CLI installed and configured to access the account which contains your Porter cluster, run the following command:

aws --region <REGION> ec2 describe-nat-gateways --filter "Name=tag-key,Values=*/cluster/<CLUSTER_NAME>" --query "NatGateways[*].NatGatewayAddresses[0].PublicIp"

You’ll need to replace <CLUSTER_NAME> and <REGION> with the name, and region of your cluster. This command will return the egress IP which you can use to whitelist your workloads with third party platforms. In case your cluster has multiple gateways, there will be multiple egress IPs.

AWS VPC Console

  1. Log into the AWS account containing your Porter cluster, and navigate to the VPC console in the appropriate region for your cluster.

  2. In the left pane, select NAT gateways, and you’ll be able to see your cluster’s NAT gateways; they’ll be named after your cluster, and have a tag porter.run/managed: true

  3. Copy the contents of Primary public IP - this serves as the egress IP which you can use to whitelist your workloads with third party platforms. In case your cluster has multiple gateways, there will be multiple egress IPs.

Azure

Azure CLI

After ensuring you have the Azure CLI installed and configured to access the account which contains your Porter cluster, run the following command:

az aks show -g <resource-name> -n <cluster-name> --query 'networkProfile.loadBalancerProfile.effectiveOutboundIPs[].id'

You need to replace <resource-name> with the name of the resource group your cluster is deployed into and <cluster-name> with the name of your cluster. This command should return an array with only one ID.

After that, you should run

az network public-ip show --ids <id> --query ipAddress -o tsv

where <id> is the ID you got from the previous command (preferably between quotes). Note that the ID is the full path displayed by the previous command, and not just the UUID at the end.

From the last command, you should see your static egress IP as its output.

Google Cloud Platform (GCP)

gcloud CLI

After ensuring you have the GCP gcloud CLI installed and configured to access the account which contains your Porter cluster, run the following command:

gcloud compute addresses list --filter="region:REGION AND users~.*routers/.*-cloud-router$"

You’ll need to replace REGION with the region that your cluster was deployed in. If your cluster name is my-cluster, then your egress IP will be my-cluster-cloud-nat-ip This command will return the egress IP which you can use to whitelist your workloads with third party platforms. In case your cluster has multiple gateways, there will be multiple egress IPs.

GCP Console

  1. Log into the GCP console, and navigate to Cloud NAT

  2. Search for your cluster name in the search bar, and click on the ‘Gateway Name’

  3. Your clusters IP address will be listed under “Cloud NAT Rules” as “Cloud NAT IPs”

Role Based Access ControlConfiguring AWS ALB