Issue Summary

My company operates Redash at EC2.
We restrict the IP addresses that can be accessed by Security Groups.
In the past, just by allowing IP addresses of 52.7.250.0, images of the graph were uploaded by Slack bot.
However, recently the image of the graph has not been uploaded with the IP address of 52.7.250.0 alone.
As I looked it seemed to be accessing with various IP addresses.
Is it possible to fixed the IP address that Slack bot accesses to create graph images?

Technical details:

1 Like

Yes, we moved the service that creates the snapshots to AWS Lambda and it no longer has a static IP. We might move it into our VPC at some point, which has a static IP address (using NAT gateway), but no ETA for this.

Thank you for your reply.
For security, I would like to allow Redash to access only slack bots, but is there a way to do that?

For now you don’t have any option like this :frowning:

Hi @arikfr & team. Checking to see if this has changed at all.

Same situation as @178inaba, we have a self hosted rehash instance and unable use the slackbot because we aren’t allowed to open the firewall the whole internet. If a set of Slackbot IP addresses was published we could open to just them.

1 Like

This may or may not be helpful — https://stackoverflow.com/questions/38759599/slack-webhook-which-ips-should-i-open

Thanks for the suggestion @bennywij. Unfortunately this will not be a solution for me. To be clear it is not Slack’s IP ranges I need to whitelist but the Redash Bot’s IP addresses, as it is the bot that connects to the self-hosted Redash instance not Slack.

While our testing of the bot proves it’s super useful, the requirement to expose our Redash instance to the whole internet is too much of a risk to accept.

The AWS solution as @arikfr noted last year is moving the bot’s lambda service to a private VPC. EG https://medium.com/@matthewleak/aws-lambda-functions-with-a-static-ip-89a3ada0b471

1 Like

Ohhh, I understand now. Thanks for the explainer. I wasn’t aware of the redash slack bot!

1 Like

We do plan on moving it into our VPC, whcih will give it a static IP address but can’t commit to ETA on this one. We will review internally how much effort this is and will update.

3 Likes

Any updates on this? We have a self-hosted instance of Redash and we’d like to hook up the Slack bot, but we’ll need to add a static IP to a passlist for the bot to access it.

1 Like