- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-11-2017 09:42 AM
We are doing a ServiceNow/Slack integration and created a scripted REST service that Slack requests from. However, these requests technically are coming from Slacks servers who use AWS. Their IP addresses are dynamic and constantly changing.
Because we have IP restrictions on our instance, no matter which IP addresses we whitelist, the integration will stop working when the Slack servers IP addresses change.
For other customers who have similar use cases, how have you approached issues like this? We would prefer not to remove all IP restrictions to our instance.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-12-2019 07:31 AM
The recommended approach according to the Slack Success team is to use a reverse proxy in AWS. Your Slack application will then connect via the reverse proxy in AWS and you would only need to white-list the single IP address of your reverse proxy, rather than white-listing a bunch of subnets from AWS.
If you still want to white-list the entire AWS subnets for a specific region, you can obtain that list from AWS directly here: https://ip-ranges.amazonaws.com/ip-ranges.json
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-27-2017 10:48 AM
This is a good breakdown, might help:
http://joeyday.com/2015/03/02/integrating-servicenow-with-slack/
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-28-2017 08:02 AM
That is a good article, but only discusses the SN to Slack integration, not the Slack to SN integration.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-28-2017 08:06 AM
Would you be open to dynamically adding/updating the AWS IP ranges to your IP whitelist? I know it's a big set, but it would still be better than having the instance open to the entire internet.
Also, if you could get Slack to confirm on which AWS region(s) they host in, only those ranges could be added to the whitelist.
I'm pursuing something similar for another customer allowing access from Azure. I'd like to eventually open-source that solution once it's more stable than a proof-of-concept.
JarodM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-14-2018 04:03 PM
Did anyone find a solution for this?
Please mark this response as correct or helpful if it assisted you with your question.
