# Networking

To ensure secure connectivity when connecting to your environments, DinMo supports several access methods: **IP whitelisting**, **SSH tunneling**, and, for Amazon Redshift, **AWS Systems Manager Session Manager (SSM) tunneling**.

SSH tunneling allows DinMo to establish a secure, encrypted connection through a bastion host.

SSM tunneling allows DinMo to reach a private Redshift endpoint through AWS Session Manager port forwarding, without requiring a public SSH bastion.

In addition, you can whitelist DinMo's static IP addresses so that access is restricted to DinMo services.

{% hint style="success" %}
These methods help limit network exposure while keeping access controlled by your infrastructure policies.
{% endhint %}

You can combine methods when needed. For example, a direct connection can use IP allowlisting, while a private Redshift endpoint can use SSH or SSM tunneling. Choosing the right approach depends on your internal policies and infrastructure.

### IP Addresses

To enhance network security and ensure seamless connectivity with DinMo, you can allowlist DinMo egress IP addresses. By doing so, you allow access from DinMo services while protecting your network from unauthorized access.

**IP Addresses for Whitelisting**

For the default GCP deployment, allowlist the following IP address: `34.38.245.85` *(europe-west1)*.

If your workspace runs on another DinMo deployment, confirm the egress IP address to allowlist with your DinMo team before opening access.

### SSH Tunneling

{% hint style="info" %}
This feature is only supported for [Amazon Redshift](/integrations/data-sources/aws-redshift.md) for now.\
If you need SSH Tunneling for another data source, do not hesitate to reach out to our product team.
{% endhint %}

#### How it works

An SSH tunnel requires an `sshd` service running on a bastion host that is accessible from the public internet. Our systems initiate an SSH connection to this bastion and then forward traffic from there to the private service you define.

#### Setup

{% hint style="info" %}
(Optional) You may need to whitelist DinMo's IP addresses to let our systems connect to your bastion host. Refer to the [above section](#ip-addresses) to learn more about IP addresses.
{% endhint %}

1. When creating a new source, select **“SSH Tunnel”** as the connection type.
2. Fill out the SSH Host or IP and the SSH Port.
   * These are the connection details for your public-facing bastion server host.
   * The port is most likely 22, the standard port for `sshd`. The field is filled with this value by default.
3. Enter a username for this SSH connection.
4. Click on **"Generate SSH Tunnel"** and copy the generated public key. Add it to the `~/.ssh/authorized_keys` file of the user you entered in the previous step.
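
One way to tighten step 4 on the bastion, as an added example that is not part of DinMo's own tooling: instead of pasting the bare key, install it with OpenSSH `authorized_keys` options so it is only accepted from the DinMo egress IP and can only forward to one private endpoint. The function names, the Redshift host and port, and the sample key are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: restricted authorized_keys entry for the tunnel user on the bastion.
# Function names, the Redshift endpoint and the sample key are illustrative assumptions.

# Print one authorized_keys line: pinned source IP, forwarding only, one destination.
dinmo_key_line() {
    pubkey=$1 from_ip=$2 dest_host=$3 dest_port=$4
    # The key must be a single line starting with a known OpenSSH key type.
    [ "$(printf '%s' "$pubkey" | tr -d '\n')" = "$pubkey" ] || return 1
    case $pubkey in
        ssh-ed25519\ ?*|ssh-rsa\ ?*|ecdsa-sha2-*\ ?*) ;;
        *) echo "unrecognised public key" >&2; return 1 ;;
    esac
    # Refuse characters that could break out of the quoted option values.
    for v in "$from_ip" "$dest_host"; do
        case $v in
            ''|*[!A-Za-z0-9.:-]*) echo "bad host or IP: $v" >&2; return 1 ;;
        esac
    done
    case $dest_port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac
    # restrict disables pty, agent/X11 forwarding and port forwarding;
    # port-forwarding re-enables TCP forwarding; permitopen limits it to one target.
    printf 'from="%s",restrict,port-forwarding,permitopen="%s:%s" %s\n' \
        "$from_ip" "$dest_host" "$dest_port" "$pubkey"
}

# Append the entry once, with the permissions sshd's StrictModes check expects.
install_dinmo_key() {
    line=$1 file=$2
    dir=$(dirname "$file")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$file" && chmod 600 "$file" || return 1
    grep -qxF -- "$line" "$file" || printf '%s\n' "$line" >> "$file"
}

# Constructed sample values: placeholder key material, hypothetical private endpoint.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYDATA dinmo-tunnel'
# 34.38.245.85 is the default GCP egress IP from this page; other deployments differ.
dinmo_key_line "$SAMPLE_KEY" 34.38.245.85 redshift.internal.example 5439
```

If the tunnel fails after installing the restricted entry, check the bastion's `sshd` log for refused forwarding requests before loosening any option.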

### SSM Tunneling

{% hint style="info" %}
SSM tunneling is supported for [Amazon Redshift](/integrations/data-sources/aws-redshift.md).
{% endhint %}

#### How it works

SSM tunneling uses AWS Systems Manager Session Manager port forwarding. DinMo assumes an IAM role in your AWS account, starts an SSM session to a managed target, and forwards traffic from that target to the Redshift endpoint.

This method does not require the Redshift endpoint to be public and does not require a public SSH bastion.

#### Setup

1. Ensure an EC2 instance or managed instance is registered with AWS Systems Manager.
2. Ensure this SSM-managed target can reach the Redshift host and port from inside your AWS network.
3. When creating a Redshift source, select **"SSM tunnel"** as the connection type.
4. Fill in the SSM managed target ID, the AWS region of the target, and the AWS role ARN DinMo should assume.
5. Apply the AWS role and policy commands generated by DinMo in the source setup flow.

