home User Guide Getting Started Help Center Documentation Community Training Certification
menu
close
settings
Looker keyboard_arrow_down
language keyboard_arrow_down
English
Français
Deutsch
日本語
search
print
Looker documentation will be moving to cloud.google.com in mid-2022!
All the information you rely on will be migrated and all docs.looker.com URLs will be redirected to the appropriate page.
Enabling secure database access

Looker-hosted instances — Many companies prefer to use a Looker-hosted instance for the simplicity, ease of implementation, and reduced support costs. In this case, the data that passes between Looker and the database travels over the public Internet, on shared infrastructure. Consequently, it is important to ensure data security. Use one of the options on this page to ensure that your network can connect securely to your Looker-hosted instance.

Customer-hosted instances — Customers who are hosting their own Looker instance may be on the same private network as their database. However, if that is not the case, be sure to secure your data as well, perhaps using the types of options suggested on this page. For an IP address allowlist, add to the allowlist the IP address or addresses where your Looker instance is hosted.

These are the options for enabling secure database access for your instance, from simplest to most complex:

See the following sections for details.

Option 1: IP address allowlist

The first step is to limit access to your data from the network layer. We recommend granting access to your database only from specific, trusted hosts.

The list of IP addresses that are needed to allow network traffic from your Looker instance can be found on the Connections page in the Admin panel. Click Public IP Addresses and copy the IP address(es) that are shown.

All network traffic from Looker will come from one of the listed IP addresses, depending on the region where your Looker instance is hosted. Prohibiting traffic to your database, except from these and other trusted IP addresses, is an easy way to limit data access.

These allowlist IP addresses also apply to SFTP and SMTP destinations and for LDAP servers that restrict IP traffic. If you are using custom mail settings for SMTP, be sure to add Looker’s IP addresses to your SMTP server’s IP allowlist. Also, if you want to deliver content from Looker to an SFTP server, be sure to add Looker’s IP addresses to your SFTP server’s IP allowlist or inbound traffic rules. If your LDAP server restricts IP traffic, you will need to add Looker’s IP addresses to your LDAP server’s IP allowlist or inbound traffic rules.

The complete list of IP addresses for all Looker-hosted envrionments can be found on this page.

You do not need to add all the IP addresses for your region to your allowlist. For the most accurate and condensed list, please refer to the Public IP Addresses button shown in the Connections page in the Admin panel.

Legacy hosting

Use these IP addresses for all instances that are hosted on AWS and that were created before 07/07/2020.

Click here for a full list of IP addresses for legacy hosting keyboard_arrow_right

United States (AWS default)

  • 54.208.10.167
  • 54.209.116.191
  • 52.1.5.228
  • 52.1.157.156
  • 54.83.113.5

Canada

  • 99.79.117.127
  • 35.182.216.56

Asia

  • 52.68.85.40
  • 52.68.108.109

Ireland

  • 52.16.163.151
  • 52.16.174.170

Germany

  • 18.196.243.94
  • 18.184.246.171

Australia

  • 52.65.128.170
  • 52.65.124.87

South America

  • 52.67.8.103
  • 54.233.74.59

Next-generation hosting

Use these IP addresses for all instances that are hosted on Google Cloud Platform (GCP) and all instances that are hosted on Amazon Elastic Kubernetes Service (Amazon EKS) and that were created on or after 07/07/2020.

Click here for a full list of IP addresses for next-generation hostingkeyboard_arrow_right

Instances hosted on Google Cloud Platform (GCP)

Looker-hosted instances are hosted on GCP by default. For instances that are hosted on GCP, add to the allowlist the IP addresses that match your region.

Moncks Corner, South Carolina, USA (us-east1)

  • 34.75.58.123
  • 35.196.30.110
  • 35.243.254.166
  • 34.111.239.102
  • 35.237.174.17
  • 34.73.200.235
  • 35.237.168.216

Ashburn, Northern Virginia, USA (us-east4)

  • 35.221.30.177
  • 35.245.82.73
  • 35.194.74.185
  • 35.245.177.112
  • 34.86.118.239
  • 34.86.52.188
  • 35.221.3.163
  • 35.245.211.109
  • 34.86.136.190
  • 34.86.214.226
  • 35.221.62.218
  • 34.86.34.135
  • 35.236.240.168
  • 34.150.212.9
  • 34.150.174.54
  • 34.85.200.217

Council Bluffs, Iowa, USA (us-central1)

  • 34.69.207.176
  • 34.70.128.74
  • 35.239.118.197
  • 104.154.21.231
  • 35.192.130.126
  • 35.184.100.51

The Dalles, Oregon, USA (us-west1)

  • 34.82.120.25
  • 35.247.5.99
  • 35.197.64.57
  • 35.233.172.23
  • 35.233.249.160
  • 35.247.55.33
  • 35.247.117.0
  • 35.247.61.151
  • 34.82.193.215
  • 35.233.222.226
  • 34.83.94.151
  • 35.203.184.48
  • 34.83.138.105
  • 35.197.35.188
  • 34.127.116.85
  • 34.145.90.83
  • 34.127.41.199
  • 34.82.57.225
  • 35.197.66.244

Montréal, Québec, Canada (northamerica-northeast1)

  • 35.234.253.103
  • 35.203.46.255`
  • 34.152.60.210

London, England, UK (europe-west2)

  • 35.189.94.105
  • 35.246.36.67
  • 35.234.140.77
  • 34.142.77.18
  • 34.105.131.133
  • 34.89.54.84
  • 34.89.124.139
  • 34.89.25.5
  • 34.105.209.44
  • 34.105.181.133
  • 35.242.138.133
  • 34.105.219.154
  • 34.89.127.51
  • 35.246.10.206
  • 35.189.111.173
  • 35.197.222.220
  • 34.105.198.151
  • 35.246.117.58
  • 34.142.123.96

Frankfurt, Germany (europe-west3)

  • 34.159.224.187
  • 34.159.10.59
  • 34.159.72.77
  • 35.242.243.255
  • 34.159.247.211
  • 35.198.128.126

Mumbai, India (asia-south1)

  • 34.93.221.137
  • 35.244.24.198
  • 35.244.52.179

Eemshaven, Netherlands (europe-west4)

  • 35.204.118.28
  • 35.204.216.7
  • 34.90.52.191

Changhua County, Taiwan (asia-east1)

  • 104.199.206.209
  • 34.80.173.212
  • 35.185.137.114

Tokyo, Japan (asia-northeast1)

  • 35.221.107.211
  • 34.85.3.198
  • 34.146.68.203
  • 34.84.4.218

Jurong West, Singapore (asia-southeast1)

  • 34.143.210.116
  • 34.143.132.206
  • 34.87.134.202

Jakarta, Indonesia (asia-southeast2)

  • 34.101.158.88
  • 34.101.157.238
  • 34.101.184.52

Sydney, Australia (australia-southeast1)

  • 34.87.195.36
  • 34.116.85.140
  • 34.151.78.48

Osasco (São Paulo), Brazil (southamerica-east1)

  • 34.151.199.201
  • 35.199.122.19
  • 34.95.180.122

Instances hosted on Amazon Elastic Kubernetes Service (Amazon EKS)

For instances that are hosted on Amazon EKS, add to the allowlist the IP addresses that match your region.

US East (N. Virginia) (us-east-1)

  • 52.44.90.201
  • 54.87.86.113
  • 54.162.193.165
  • 34.235.77.117
  • 3.233.169.63
  • 54.159.42.144
  • 3.229.81.101
  • 34.225.255.220
  • 34.200.121.56
  • 3.83.72.41
  • 54.197.142.238
  • 34.239.90.169
  • 34.236.92.87
  • 3.220.81.241
  • 52.44.187.22
  • 23.22.133.206
  • 18.213.96.40
  • 35.168.173.238
  • 54.162.175.244
  • 54.80.5.17
  • 34.200.64.243
  • 54.157.231.76
  • 18.206.32.254
  • 52.7.255.54
  • 54.196.92.5
  • 52.204.125.244
  • 52.203.92.114
  • 52.3.47.189
  • 184.73.10.85
  • 52.55.10.236
  • 3.230.52.220
  • 54.211.95.150
  • 52.86.109.68
  • 54.159.176.199
  • 52.55.239.166
  • 75.101.147.97
  • 54.92.246.223
  • 18.235.225.163
  • 54.204.171.253
  • 18.210.137.130
  • 50.17.192.87
  • 18.208.86.29

US East (Ohio) (us-east-2)

  • 3.135.171.29
  • 18.188.208.231
  • 3.143.85.223

US West (Oregon) (us-west-2)

  • 44.237.129.32
  • 54.184.191.250
  • 35.81.99.30

Canada (Central) (ca-central-1)

  • 52.60.157.61
  • 35.182.169.25
  • 52.60.59.128
  • 35.182.207.128
  • 15.222.172.64
  • 3.97.27.51
  • 35.183.191.133
  • 15.222.86.123
  • 52.60.52.14

Europe (Ireland) (eu-west-1)

  • 54.74.243.246
  • 54.195.216.95
  • 54.170.208.67
  • 52.49.220.103
  • 52.31.69.117
  • 34.243.112.76
  • 52.210.85.110
  • 52.30.198.163
  • 34.249.159.112
  • 52.19.248.176
  • 54.220.245.171
  • 54.247.22.227
  • 176.34.116.197
  • 54.155.205.159
  • 52.16.81.139

Europe (Frankfurt) (eu-central-1)

  • 18.157.231.108
  • 18.157.207.33
  • 18.157.64.198
  • 18.198.116.133
  • 3.121.148.178
  • 3.126.54.154
  • 18.193.187.100
  • 18.196.108.86
  • 18.198.157.149

Asia Pacific (Tokyo) (ap-northeast-1)

  • 54.250.91.57
  • 13.112.30.110
  • 54.92.76.241

Asia Pacific (Sydney) (ap-southeast-2)

  • 13.238.132.174
  • 3.105.238.71
  • 3.105.113.36

South America (São Paulo) (sa-east-1)

  • 54.232.58.181
  • 54.232.58.98
  • 177.71.134.208

Instances hosted on Microsoft Azure

For instances that are hosted on Azure, add to the allowlist the IP addresses that match your region.

Virginia, USA (us-east2)

  • 52.147.190.201

Option 2: SSL encryption

A second option is to enable SSL encryption on your database. SSL prevents anyone from being able to intercept the data between Looker and your database.

You’ll first need to complete the IP address allowlist instructions in the Option 1: IP address allowlist section on this page. Further instructions for SSL encryption are dialect specific; for links to SSL instructions, see the Database configuration instructions section on the Looker dialects documentation page.

Option 3: SSH tunnel

The third option you can use to protect your data is an SSH tunnel. Using a tunnel provides an encrypted connection and extra authentication for enhanced security. Instructions for this option are provided on the Using an SSH tunnel documentation page.

Next steps

After you have enabled secure database access, you’re ready to configure your database for Looker.

Top