# Configuring Custom Script IP Addresses

When you are using a custom script in your TD Workflow, you might need
to make sure that the IP addresses that Treasure Data needs are
whitelisted by your firewall. You can use the following IP addresses to selectively open your
firewalls (or public cloud equivalent, such as security groups in AWS)
to allow the custom scripts used in your workflows to access external
systems.

US

```
3.228.35.123
34.237.48.37
54.82.188.250
```

Tokyo

```
13.113.15.50
13.113.238.22
3.114.18.100
```

EU01

```
3.123.157.139
3.123.165.104
35.156.7.239
```

AP02

```
13.124.198.125
13.124.232.4
15.164.37.234
```

### S3 Bucket Policy Configuration for Custom Scripts

When your S3 bucket is in the same region as your Treasure Data endpoint, you must set a VPC ID to allow TD's access to the bucket and still restrict access.

| Region | VPC Value |
|  --- | --- |
| TOKYO | vpc-02690016f16b2594a |
| US | vpc-08587b74afed87821 |
| EU01 | vpc-0e10340fd5339a2f8 |
| AP02 | vpc-0fe32f7e147f124be |