What is the address and port i have to allow in the firewall for an ansible server to connect to ansible galaxy?

Hello Forum,

i was searching for a while now but ican only seem to find answers how to manage a firewall with ansible, but not how to set a firewall to allow an ansible server with blocked internet access to connect to galaxy to download modules.

So, here ist the question: in my organisation i have to make a formal change request to the firewall team that includes address and ports to open.
I have to put them into the form and then they will allow thos one server to access these ports on the given address.

what is address and ports i have to fill in for my internal server to reach ansible galaxy?

Hi, simply just ask to open this FQDN galaxy.ansible.com on port 443

thank you, i will do that

Here are some IPs for that hostname, but we logged 52.216.44.234 (in AWS) and 169.254.169.254 (metadata) as well. Our policy is based on FQDNs, where is the documentation?

DNS says galaxy.ansible.com has address 104.26.1.234, 104.26.0.234, 172.67.68.251, 2606:4700:20::681a:1ea, 2606:4700:20::ac43:44fb, 2606:4700:20::681a:ea

galaxy.ansible.com:443 utilizes Cloudflare which lists their range of IP’s here: IP Ranges

Collections are stored and downloaded from AWS S3 via ansible-galaxy-ng.s3.dualstack.us-east-1.amazonaws.com:443. Amazon lists their range of IP’s here: https://ip-ranges.amazonaws.com/ip-ranges.json

Enabling these FQDN in your proxy is sufficient to download collections:

• galaxy.ansible.com
• ansible-galaxy-ng.s3.dualstack.us-east-1.amazonaws.com

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.