Stable IPs for Namespace Endpoints is now Generally Available.
If your Workers connect to Temporal Cloud over public internet but must run behind a firewall, you can now allowlist a fixed set of IPs in your firewall for your traffic from your Workers to Temporal Cloud.
How it works
Create a public Connectivity Rule with
enableStableIps: true(tcld, Cloud Ops API, or Terraform).Attach the rule to the Namespace(s) you want on Stable IPs.
Fetch the IP list from the public JSON file at https://docs.temporal.io/json/stable-ip-ranges-prod.json and add the ranges for your region to your firewall allowlist.
Point your Workers at the Namespace Endpoint (
<namespace>.<account>.tmprl.cloud).
What you should know
No additional cost. Stable IPs is a free, opt-in setting at this time.
Namespace Endpoint only. Stable IPs apply to Namespace Endpoint traffic. Regional Endpoints and PrivateLink VPC Endpoints are unaffected.
PrivateLink remains the recommended option. Stable IPs are intended for environments that cannot use PrivateLink.