Skip to content

Network access and IP AllowList requirements🔗

If you are using the Full SaaS version of Maia, you may need to configure your source systems to accept requests from a set range of IP addresses. If the Hybrid SaaS version means you have installed some hybrid agents in your cloud infrastructure and don't want to allow unrestricted outbound access, then you will need to allow access to a specified range of IP addresses.

Agents and Git repositories🔗

Full SaaS🔗

If you're using a Full SaaS Maia Foundation runner configuration, you may need to allow the following IP address ranges from which Maia Foundation runners will call out to their source systems or to cloud data platforms. The IP addresses differ between EU and US regions.

UK and EU region:

3.253.125.96/28
3.145.243.112/28

US region:

44.213.193.16/28
13.39.113.112/28

Hybrid SaaS agents and Git repositories🔗

This applies to both Maia Foundation runners and Streaming runners.

If you're using a Hybrid SaaS deployment, note that it only necessitates outbound communication. For added security measures—along with ensuring access to any desired data sources for Maia—you need to allow the following IP address ranges to enable communication between the agent and Maia. You must also allow outbound communication on port 443 from the agent container to Maia.

For users connecting to their own external repositories (such as "connect your own Git" on Github or Azure DevOps), these IPs will need to be allowed on the repository or organization being connected to.

Note that these IP addresses vary between the EU and US regions.

UK and EU region:

3.252.50.48/28
13.38.202.208/28

US region:

44.211.122.80/28
3.145.235.48/28

You also need to include the following DNS entries in your outbound allowlist:

Global:

keycloak.core.matillion.com

EU region:

opentelemetry.eu1.core.matillion.com

US region:

opentelemetry.us1.core.matillion.com

You must also ensure that any other internal services (for example, AWS or Azure) are accessible, as well as the source systems you wish to connect to (for example, Oracle or SAP).

Ensure connectivity from the agent container to your data warehouse. For example, when connecting to Snowflake, allow outbound access to ports 80 and 443. Port 443 is used for standard communication, while port 80 is required for OCSP certificate validation checks.

Connecting Matillion ETL to Maia🔗

When configuring a connection from Matillion ETL to Maia, allow list the following address: api.billing.matillion.com.

If you need to allow a static IP address, allow the following outbound addresses (on port 443) in your security group:

13.248.217.21
76.223.69.85

Full details on connecting Matillion ETL to Maia are provided in Configuring a connection from Matillion ETL to Maia.

Custom connectors and Flex Connectors🔗

You may need to allow the following IP addresses before using custom connectors, Flex connectors or connecting to your own Git repository.

UK and EU region:

3.252.50.48/28
13.38.202.208/28

US region:

44.211.122.80/28
3.145.235.48/28

Data Loader CDC🔗

Allow outbound communication on port 443 from the CDC agent container to Maia for initiating the websocket connection. The initial connection is from the CDC agent out to Maia—ongoing communication is then bidirectional, but there is no need to allow inbound traffic.

The specific endpoints that the CDC agent must communicate with are:

ws-us.matillion-cdc-prod.matillion.com
ws-eu.matillion-cdc-prod.matillion.com
© Copyright 2026 Matillion Ltd | Legal | Privacy Policy | Disclaimer | Modern Slavery Statement