
How to get AWS Service Public IP Ranges?

Use cases

Sometimes we operate an on-premises system or a very strict security environment that requires whitelisting network egress or ingress, for example:

  • I want to whitelist ingress from the AWS CloudFront public IP range to my origin system
  • I want to whitelist egress to the AWS S3 public IP range as the destination of my source service's calls

How can we get the AWS service public IP ranges?

Information

AWS has published an official document for this need at: https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html

AWS provides a link to a JSON file that contains all AWS service public IP ranges, listed per region around the world.

You can fetch and filter it from the CLI like this:

  • List the AWS S3 public IP ranges
$ curl https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[] | select(.service=="S3") | .ip_prefix'
3.5.140.0/22
52.219.170.0/23
52.219.168.0/24
52.95.150.0/24
52.219.60.0/23
...
  • List the AWS CloudFront public IP ranges
$ curl https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[] | select(.service=="CLOUDFRONT") | .ip_prefix'
120.52.22.96/27
205.251.249.0/24
180.163.57.128/26
204.246.168.0/22
...

Okay, now you can work with that list of IP ranges to get what you need from the AWS service public IP ranges.
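To turn the jq one-liners above into firewall input, the following added example (not from the original post) filters the same JSON by service and optional region, includes the `ipv6_prefixes` list, merges adjacent CIDRs, and uses `syncToken` to tell when the rules need rebuilding. The function names and the sample document, including its regions and token, are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the ip-ranges.json layout (trimmed; the regions,
# syncToken and IPv6 prefix are illustrative, not real AWS data).
SAMPLE = json.loads("""
{
  "syncToken": "1700000000",
  "createDate": "2023-11-14-22-13-20",
  "prefixes": [
    {"ip_prefix": "52.219.168.0/24", "region": "eu-central-1", "service": "S3"},
    {"ip_prefix": "52.219.169.0/24", "region": "eu-central-1", "service": "S3"},
    {"ip_prefix": "52.219.168.0/24", "region": "eu-central-1", "service": "AMAZON"},
    {"ip_prefix": "3.5.140.0/22", "region": "ap-northeast-2", "service": "S3"},
    {"ip_prefix": "205.251.249.0/24", "region": "GLOBAL", "service": "CLOUDFRONT"}
  ],
  "ipv6_prefixes": [
    {"ipv6_prefix": "2001:db8::/48", "region": "eu-central-1", "service": "S3"}
  ]
}
""")


def allowlist(doc, service, region=None):
    """Return collapsed, sorted CIDRs (IPv4 first, then IPv6) for one service."""
    nets = {4: [], 6: []}
    for key, field in (("prefixes", "ip_prefix"), ("ipv6_prefixes", "ipv6_prefix")):
        for entry in doc.get(key, []):
            if entry["service"] != service:
                continue  # skips the broad "AMAZON" superset entries too
            if region is not None and entry["region"] != region:
                continue
            net = ipaddress.ip_network(entry[field])  # raises on a malformed CIDR
            nets[net.version].append(net)
    out = []
    for version in (4, 6):
        out += [str(n) for n in ipaddress.collapse_addresses(nets[version])]
    return out


def changed(doc, last_sync_token):
    """True when the file differs from the one the current rules were built from."""
    return doc["syncToken"] != last_sync_token


if __name__ == "__main__":
    print(allowlist(SAMPLE, "S3", "eu-central-1"))
    print(changed(SAMPLE, "1690000000"))
```

In real use, replace `SAMPLE` with the parsed body of https://ip-ranges.amazonaws.com/ip-ranges.json and store the `syncToken` alongside the generated rules.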