Tealium IP addresses to allow
This article lists the IP addresses that customers need to allowlist to allow the Customer Data Hub (CDH) to communicate with external systems.
We are adding IP addresses to all of our data processing regions to maintain seamless operations with increased server-side traffic. If the new IP addresses are not added to your current allowlist before the roll-out date, you may notice increased connector errors, function action errors, and files not being read from S3 file services outside of Tealium.
Additional IP addresses
If you are using allowlists (also known as safelists or whitelists), include the new IP addresses to continue operating without increased error rates.
The additional IP addresses will be introduced on the following dates:
- Apr 29, 2024 - US (Oregon)
- May 6, 2024 - EU (Ireland and Frankfurt)
- May 13, 2024 - APJ (Hong Kong, Sydney, Tokyo)
- May 20, 2024 - US (US East 1)
After the change, you can check the following three indicators to test if you are being impacted due to missing IP addresses from your allowlist in your firewall configuration:
- Increased connector or function action errors as seen in the Tealium UI (error message will depend on the third-party vendor).
- Reduced traffic from Tealium to your vendor endpoints.
- File import files are no longer getting processed (Tealium is being blocked from pulling files from your non-AWS S3 file service location).
This change will not impact customers who use IP allowlists as an additional security measure to control user login access to the Tealium platform. The scope is limited to traffic flowing through Tealium’s platform and does not include our UI.
How it works
The CDH communicates with external systems during the following operations:
- Sending data to external systems with connector actions.
- Performing custom actions in functions.
- Retrieving files from File Import data sources, except AWS S3.
If an external system restricts access to only an approved list of IP addresses, then add all of the following IP addresses to your allowlist:
| IP Address | Region | Location |
|---|---|---|
| 50.18.192.141 * 52.52.159.89 * 54.153.15.248 54.176.233.190 * 54.183.127.212 54.193.243.80 |
us-west-1 |
San Jose, California |
| 34.208.6.185 35.83.9.139 35.155.164.60 * 35.155.225.25 * 35.163.73.149 44.228.182.113 44.231.202.70 44.238.18.189 * 52.32.22.16 |
us-west-2 |
Oregon |
| 3.210.6.72 * 3.210.238.60 * 3.214.63.89 23.23.136.136 34.224.220.100 44.220.225.247 54.82.200.66 54.164.73.126 107.23.142.239 * |
us-east-1 |
Ashburn, Virginia |
| 34.251.234.107 52.30.45.164 52.31.156.52 52.48.83.213 52.209.154.50 54.76.122.246 54.195.193.79 54.229.215.104 * 108.128.75.88 |
eu-west-1 |
Dublin, Ireland |
| 3.72.173.191 3.79.77.159 3.125.211.165 18.193.100.101 18.195.141.132 18.198.88.136 18.199.16.199 52.29.52.87 52.29.185.253 * 54.93.104.232 |
eu-central-1 |
Frankfurt, Germany |
| 16.163.133.41 * 16.163.255.152 18.163.149.136 * 18.166.4.167 * 18.167.208.249 18.167.237.249 43.198.29.150 43.198.173.159 43.199.6.88 |
ap-east-1 |
Hong Kong |
| 13.112.219.50 * 35.72.125.147 35.74.186.82 35.76.187.92 52.68.25.59 52.69.49.172 * 52.196.255.145 54.64.29.101 54.64.71.25 * |
ap-northeast-1 |
Tokyo, Japan |
| 3.25.4.61 * 13.54.68.127 13.54.118.13 13.237.193.244 * 13.237.225.69 52.62.159.75 * 52.64.214.94 52.64.154.49 54.253.220.122 |
ap-southeast-2 |
Sydney, Australia |
* Original IP address list
OAuth calls, test connections, and File Import data source test connections (except AWS S3) use the US-West-1 region. Only login information passes through OAuth calls and test connections, not client data.
AWS S3
Tealium File Import can retrieve files from either the included Tealium S3 bucket or your S3 bucket. If you want to retrieve files from your company’s own S3 bucket (not the included Tealium S3 bucket), the AWS bucket policy allowlist must include the VPCe IDs (VPC endpoint IDs) below and the above IP addresses.
For more information about AWS bucket policies, see the following articles in the AWS documentation:
- Adding a bucket policy by using the Amazon S3 console
- Controlling access from VPC endpoints with bucket policies
| VPC Endpoints ID | Region |
|---|---|
| vpce-0a90f919e7498cdde | ap-east-1 (Hong Kong) |
| vpce-0a4bf8ead3aea5037 | ap-northeast-1 (Tokyo) |
| vpce-0c7d746d995509e11 | ap-southeast-2 (Sydney) |
| vpce-0846ac0c8e0640982 | eu-central-1 (Germany) |
| vpce-0e9f722cf43431023 | eu-west-1 (Ireland) |
| vpce-0a993429061ac314f | us-east-1 (Virginia) |
| vpce-0ce7ea5d3270c6ebf | us-west-2 (Oregon) |
| vpce-00e07d2d5e4b55215 | us-west-1 (California) |
This page was last updated: April 11, 2024