Skip to main content

Prepare the Environment for Lacework

Preparing your environment for Lacework typically requires a few configuration adjustments, as described in this topic.

Lacework IPs

Lacework may attempt to connect to endpoints in your environment for various purposes, including for alerting (such as alerting through a web hook) or for image vulnerability scans of container registries.

To prepare your environment for Lacework, you need to configure any allow-lists to permit inbound connections from Lacework for the IP addresses listed in the following sections.

Region-Specific IPs




Lacework IaC IPs

The following IPs are only required for Lacework Infrastructure As Code (IaC) Security.

Outbound FQDN

If your Lacework Console users need to connect to Lacework from a firewalled environment, you must configure your allow-lists to permit outbound HTTP traffic to the following domains: