The Renovate App runs on ephemeral EC2 instances on AWS so currently it is not possible to whitelist the Renovate IP range without whitelisting an entire region of AWS, which defeats the purpose.
Resolving this would require either:
- Registering our own IP address range and mapping that into AWS (pretty time-intensive and expensive), or
- Running all outbound requests via a proxy like Squid. This greatly increases our chances of triggering IP-based blacklists for many services though, or
- Running outbound requests for non-public services through a proxy, e.g. private npm registries go through a proxy but npmjs.org does not, or
- Running all requests per-account through a proxy
Any solution requiring a proxy increases costs in multiple ways, including the cost of maintaining and monitoring redundancy/availability of multiple proxies.
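The routing decision behind the last two options, sketched as an added example (this is not Renovate's code). The function names, the proxy URLs, the account name and the public-host list are all hypothetical, and the per-account mode assumes that only accounts with a configured proxy are routed through one.

```javascript
// Added example, hypothetical names throughout; not Renovate's own code.
// Hosts treated as public and reached directly (constructed list).
const PUBLIC_HOSTS = ['npmjs.org'];

// Constructed placeholder proxies; a real deployment would load these from config.
const SHARED_PROXY = 'http://proxy-shared.example.internal:3128';
const ACCOUNT_PROXIES = new Map([
  ['acme', 'http://proxy-acme.example.internal:3128'],
]);

// Match the exact host or a subdomain on a dot boundary, so that
// "evilnpmjs.org" is not classified as "npmjs.org".
function hostMatches(host, entry) {
  return host === entry || host.endsWith('.' + entry);
}

// Decide the egress path for one outbound request.
// mode 'selective'   : only non-public hosts use the shared proxy.
// mode 'per-account' : every request of an account with a configured
//                      proxy uses that proxy (assumed interpretation).
// Returns null for a URL that cannot be parsed, so the caller can refuse it.
function selectEgress(requestUrl, account, mode) {
  let host;
  try {
    // Strip a trailing root dot so "npmjs.org." is classified like "npmjs.org".
    host = new URL(requestUrl).hostname.toLowerCase().replace(/\.$/, '');
  } catch {
    return null;
  }
  if (mode === 'per-account') {
    const proxy = ACCOUNT_PROXIES.get(account);
    return proxy ? { via: 'proxy', proxy } : { via: 'direct' };
  }
  // Selective mode: public registries keep the ephemeral EC2 address,
  // everything else leaves from the proxy's fixed, allowlistable IP.
  const isPublic = PUBLIC_HOSTS.some((entry) => hostMatches(host, entry));
  return isPublic ? { via: 'direct' } : { via: 'proxy', proxy: SHARED_PROXY };
}
```

In selective mode an unknown host defaults to the proxy, so a private registry missing from the list still leaves from the fixed address rather than from an EC2 address that is not on the allowlist.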