Jira Cloud IP Allowlisting and Automation Web Request

I have automation rules that call Jira Cloud REST APIs of itself.

e.g. I have automation rule that sends web request to read group membership (/rest/api/3/group/member?groupname=)

But if I enable IP allowlisting, the rule will fail:

Send web request

Error publishing web request. Response HTTP status:

403

Error response HTTP body:

{ “errorMessages”: [ “The IP address has been rejected because it is not on the allowedlist. See your admin for more information.” ], “errors”: {} }

The IP list at https://ip-ranges.atlassian.com/ has 122 entries, while IP allowlisting only allows 100 items.

I need 2 for my users, so I only got 98 left.

How do I know which IPs are used for automation web reqeusts? I tried filtering the 122 IPs based on region, product or direction, but the results are either too huge (>98) or not working (IP still blocked for automation rule).

Run this JavaScript on the IP list page (https://ip-ranges-atlassian.com/):

var json = JSON.parse(document.body.innerText);
var list = new Set();
json.items.filter(function(entry){
return (
entry.direction.indexOf(“egress”) != -1 &&
entry.product.indexOf(“jira”) != -1 &&
entry.mask_len == 28
);
}).forEach(function(entry){
list.add(entry.cidr);
});
var result = “”;
list.forEach(function(item) {
result += “,” + item
});
console.log(result.substring(1));

The result is a comma-delimited list of CIDRs, currently size 15.

With those added Automation rules can use Web Request on REST APIs in the same site.

Good that you found the relevant IP addresses to whitelist and that it’s now working for you.
But honestly, I would have expected that Jira’s own REST API is always accessible from Automation. For an automation point-of-view I see it as an extension of the existing Automation building blocks, and therefore expect to be able to call it without any whitelisting. Is that something that Atlassian can set up, or maybe is already possible in another way?