Vercel's infrastructure uses a range of dynamic IP addresses.
- Hobby and Pro customers can restrict access to their deployments through Deployment Protection and Firewall custom rules
- Enterprise customers with Vercel Secure Compute can establish private connections between Vercel Functions and backend infrastructure such as databases.
This guide will show how to allowlist IP addresses for a deployment using Vercel Secure Compute.
Vercel Secure Compute gives your the ability to restrict connections between your backend infrastructure and your Vercel deployments. This might be necessary for teams with more strict security and compliance rules. Secure Compute places your builds and deployments in an isolated, private network with dedicated IP addresses.
To enable Vercel Secure Compute for a project:
- Vercel places your project's build infrastructure and deployment in a private network
- This network will have a specific dedicated IP address pair
- You can optionally exclude the build container from this private network
- Secure Compute provides private networks with automatically assigned IP pairs, accessible through the Vercel Dashboard
- On requesting access, Vercel creates one private network in a chosen Vercel Function region
- Multiple private networks can be created within the same team by making requests through the Dashboard
- The Secure Compute feature affects Vercel Functions using the Node.js runtime only
Each private network is deployed within a specific Vercel Function region. We recommend to pick a region for the private network that aligns with the location of your backend cloud to ensure optimal performance.
After obtaining your dedicated IP pair:
- Utilize the IP pair to set up an access control list for your backend infrastructure.
- Besides IP-based authentication, ensure the use of additional authentication methods like user/password or an authentication key.
Within a team:
- Connect a private network with the environment of your Project's deployment, i.e., Vercel Functions and Incremental Static Regeneration (ISR)
- A single private network can be used across multiple projects, sharing the same IP pair
- For heightened security or larger teams, assign one private network to each project. This way, every project has a unique dedicated IP pair
- If deploying Vercel Functions in multiple regions, use multiple private networks, ensuring distinct IP pairs per region
- Allocate various IPs to different types of projects for enhanced security and management
For those with rigorous security and compliance requirements, Vercel can provide guidance tailored to specific needs. Reach out if dedicated IP addresses aren't sufficient for your case.
Leveraging Vercel Secure Compute ensures enhanced privacy and security for your Vercel deployments. It allows you to maintain a private connection between your Serverless Functions and backend infrastructure, significantly reducing potential risks.