# Network / IP range
By default, any network request (e.g. an HTTP request or a connection to a database) you make from Pipedream will originate from the
us-east-1 region of AWS. AWS publishes the IP address range (opens new window) for all regions, but Pipedream shares this range with other services using AWS.
If you use a service that requires you whitelist a range of IP addresses, you have two options.
# HTTP requests
If you need to send HTTP requests to a service from a fixed range of IP addresses, see these docs.
# Non-HTTP traffic (databases, etc.)
If you need to connect to a service from a fixed range of IP addresses, you can setup a bastion server (opens new window). A bastion server only runs an SSH service (like OpenSSH (opens new window)) that listens for incoming SSH connections. You can connect to the bastion host from any IP address, but when you configure the firewall for your service (like your database), you open it up only to the IP address of your bastion server.
Then, in your Pipedream workflow, you can tunnel the connection (opens new window) to your service through the bastion host.
Here are two example workflows that show you how to connect to services through a bastion server:
- Run a MySQL query through an SSH tunnel (opens new window)
- Run a PostgreSQL query through an SSH tunnel (opens new window)
# Feature request for Pipedream restricting its IP range
Pipedream plans to restrict the range of IP addresses for workflows in the future. Please upvote this GitHub issue (opens new window) to follow the status of that work.