digitalocean / terraform-provider-digitalocean

Terraform DigitalOcean provider
https://registry.terraform.io/providers/digitalocean/digitalocean/latest/docs
Mozilla Public License 2.0

IP Range Data #1216

Open priyashpatil opened 1 week ago

priyashpatil commented 1 week ago

Is your feature request related to a problem? Please describe.

Currently, there is no easy way to programmatically access the IP ranges of DigitalOcean's uptime monitoring bots and app platform within Terraform configurations. This makes it challenging to configure external security groups, firewalls, or other network-related resources that require knowledge of these specific IP ranges.

Describe the solution you'd like

Add a new data source digitalocean_managed_services_ip_ranges to the DigitalOcean Terraform provider. This data source should return a list of IP ranges (both IPv4 and IPv6) used by DigitalOcean's managed services, with a specific focus on uptime monitoring bots and app platform.

The data source should:

  1. Fetch the latest IP ranges from DigitalOcean's API or a published list.
  2. Allow filtering by service type (e.g., uptime monitoring bots, app platform).
  3. Return the IP ranges in CIDR format.

Example usage:

data "digitalocean_managed_services_ip_ranges" "all" {}

data "digitalocean_managed_services_ip_ranges" "uptime" {
  service = "uptime"
}

data "digitalocean_managed_services_ip_ranges" "app_platform" {
  service = "app_platform"
}

resource "digitalocean_firewall" "example" {
  name = "allow-uptime-and-app-platform"

  inbound_rule {
    protocol         = "tcp"
    port_range       = "80"
    source_addresses = concat(
      data.digitalocean_managed_services_ip_ranges.uptime.ipv4_cidrs,
      data.digitalocean_managed_services_ip_ranges.app_platform.ipv4_cidrs
    )
  }
}

Describe alternatives you've considered

  1. Manually maintaining a list of IP ranges for app platform in the Terraform configuration, but this is error-prone and requires frequent updates as DigitalOcean may change these ranges.
  2. Using external data sources or local-exec provisioners to fetch the IP ranges, but this adds complexity and potential security risks to the Terraform workflow.
  3. Creating separate data sources for each service (e.g., digitalocean_uptime_ip_ranges and digitalocean_app_platform_ip_ranges), but this would lead to more data sources and potentially more complex provider code.

Additional context

DigitalOcean provides IP ranges for their services; refer to: https://www.digitalocean.com/community/questions/list-of-do-ip-ranges

This feature would be particularly useful for users who need to configure secure access to their resources while allowing DigitalOcean's uptime monitoring bots to check their services and app platform to deploy and manage applications. It would simplify the process of setting up firewalls and security groups that need to whitelist these specific DigitalOcean managed services.
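An added example, not code from this issue or from the provider, of the validation the requested data source would need to apply to a published list before its CIDRs reach a firewall rule: filter by service, reject entries that could widen the rule, and split the result into the ipv4_cidrs / ipv6_cidrs attributes proposed above. The JSON shape and the sampleList values are constructed assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
)

// Constructed sample list; the JSON shape is an assumption, not a DigitalOcean format.
const sampleList = `[
 {"service":"uptime","cidr":"192.0.2.0/24"},
 {"service":"uptime","cidr":"2001:db8:1::/48"},
 {"service":"app_platform","cidr":"198.51.100.0/24"},
 {"service":"app_platform","cidr":"203.0.113.5/24"},
 {"service":"app_platform","cidr":"0.0.0.0/0"},
 {"service":"app_platform","cidr":"not-a-cidr"}]`

// ipRanges mirrors the attributes the proposed data source would expose; Rejected
// surfaces entries dropped because they could silently widen a firewall rule.
type ipRanges struct{ IPv4CIDRs, IPv6CIDRs, Rejected []string }

// filterRanges keeps the CIDRs for one service ("" keeps all), canonicalises each
// prefix and splits the result by address family.
func filterRanges(doc []byte, service string) (ipRanges, error) {
	var entries []struct{ Service, CIDR string } // json matches keys case-insensitively
	if err := json.Unmarshal(doc, &entries); err != nil {
		return ipRanges{}, fmt.Errorf("decode ip range list: %w", err)
	}
	var out ipRanges
	for _, e := range entries {
		if service != "" && e.Service != service {
			continue
		}
		ip, ipnet, err := net.ParseCIDR(e.CIDR)
		// Reject unparsable prefixes, host bits set (203.0.113.5/24) and the
		// unspecified address (0.0.0.0/0, ::/0), which would become allow-all.
		if err != nil || !ip.Equal(ipnet.IP) || ip.IsUnspecified() {
			out.Rejected = append(out.Rejected, e.CIDR)
			continue
		}
		if ipnet.IP.To4() != nil {
			out.IPv4CIDRs = append(out.IPv4CIDRs, ipnet.String())
		} else {
			out.IPv6CIDRs = append(out.IPv6CIDRs, ipnet.String())
		}
	}
	return out, nil
}

func main() {
	r, _ := filterRanges([]byte(sampleList), "app_platform")
	fmt.Println(r.IPv4CIDRs, r.IPv6CIDRs, r.Rejected)
}
```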