Security: What IP address range can I whitelist for my DB connection?

I have a database that my streamlit app connects to. I don’t want the DB firewall rules to be wide open and would at least like to narrow it down to the datacentre / region that Streamlit cloud is hosted on.

I know Streamlit is hosted on Google Cloud (GCP) but I can’t see any docs as to what IP range that would be.

Obviously I could write an API to wrap by DB but it’s just experimental code and I’d rather not go to the effort (the value and sensitivity of the data is zero).

As things stand, a port scanner eventually finds my DB and even though it can’t break the security it can affect availability.

Hello @rba100, welcome to our community! :wave:

We used to have six stable outbound IP addresses, however, IP allowlisting is now retired. More context in this post:

I hope this helps.


Hi Charly,

IP allowlisting won’t be possible on Community Cloud going forward since the platform is geared towards community members trying to share their apps and code publicly

The allowlisting is for the database, not to restrict the app to certain users. As things stand no Streamlit Community Cloud application can access a database without that database violating standard security practices. For the time being I’ve just allowed a bunch of GCP endpoints at random and I’ve not been attacked again.

As an aside, I take it Snowflake is the intended way to go for people wanting to develop non-trivial Streamlit apps? (which tbh doesn’t feel like what Streamlit is for - i.e. if things are getting more complicated than an ML showcase then maybe it shouldn’t be a Streamlit?).

I love the simplicity of the framework btw, it’s great for prototyping.