Work with ip-ranges.json
Download
Download ip-ranges.json
If you access this file programmatically, it is your responsibility to ensure that the application downloads the file only after successfully verifying the TLS certificate presented by the server.
Filtering the JSON file
You can download a command line tool to help you filter the information to just what you are looking for.
Windows
The Amazon Tools for Windows PowerShell includes a cmdlet, Get-AWSPublicIpAddressRange
,
to parse this JSON file. The following examples demonstrate its use. For more information, see Querying the Public IP Address Ranges for Amazon
Example 1. Get the creation date
PS C:\>
Get-AWSPublicIpAddressRange -OutputPublicationDate
Wednesday, August 22, 2018 9:22:35 PM
Example 2. Get the information for a specific Region
PS C:\>
Get-AWSPublicIpAddressRange -Region us-east-1
IpPrefix Region NetworkBorderGroup Service -------- ------ ------- ------- 23.20.0.0/14 us-east-1 us-east-1 AMAZON 50.16.0.0/15 us-east-1 us-east-1 AMAZON 50.19.0.0/16 us-east-1 us-east-1 AMAZON ...
Example 3. Get all IP addresses
PS C:\>
(Get-AWSPublicIpAddressRange).IpPrefix
23.20.0.0/14 27.0.0.0/22 43.250.192.0/24 ... 2406:da00:ff00::/64 2600:1fff:6000::/40 2a01:578:3::/64 2600:9000::/28
Example 4. Get all IPv4 addresses
PS C:\>
Get-AWSPublicIpAddressRange | where {$_.IpAddressFormat -eq "Ipv4"} | select IpPrefix
IpPrefix -------- 23.20.0.0/14 27.0.0.0/22 43.250.192.0/24 ...
Example 5. Get all IPv6 addresses
PS C:\>
Get-AWSPublicIpAddressRange | where {$_.IpAddressFormat -eq "Ipv6"} | select IpPrefix
IpPrefix -------- 2a05:d07c:2000::/40 2a05:d000:8000::/40 2406:dafe:2000::/40 ...
Example 6. Get all IP addresses for a specific service
PS C:\>
Get-AWSPublicIpAddressRange -ServiceKey CODEBUILD | select IpPrefix
IpPrefix -------- 52.47.73.72/29 13.55.255.216/29 52.15.247.208/29 ...
Linux
The following example commands use the
jq tool
Example 1. Get the creation date
$
jq .createDate < ip-ranges.json
"2016-02-18-17-22-15"
Example 2. Get the information for a specific Region
$
jq '.prefixes[] | select(.region=="us-east-1")' < ip-ranges.json
{ "ip_prefix": "23.20.0.0/14", "region": "us-east-1", "network_border_group": "us-east-1", "service": "AMAZON" }, { "ip_prefix": "50.16.0.0/15", "region": "us-east-1", "network_border_group": "us-east-1", "service": "AMAZON" }, { "ip_prefix": "50.19.0.0/16", "region": "us-east-1", "network_border_group": "us-east-1", "service": "AMAZON" }, ...
Example 3. Get all IPv4 addresses
$
jq -r '.prefixes | .[].ip_prefix' < ip-ranges.json
23.20.0.0/14 27.0.0.0/22 43.250.192.0/24 ...
Example 4. Get all IPv6 addresses
$
jq -r '.ipv6_prefixes | .[].ipv6_prefix' < ip-ranges.json
2a05:d07c:2000::/40 2a05:d000:8000::/40 2406:dafe:2000::/40 ...
Example 5. Get all IPv4 addresses for a specific service
$
jq -r '.prefixes[] | select(.service=="CODEBUILD") | .ip_prefix' < ip-ranges.json
52.47.73.72/29 13.55.255.216/29 52.15.247.208/29 ...
Example 6. Get all IPv4 addresses for a specific service in a specific Region
$
jq -r '.prefixes[] | select(.region=="us-east-1") | select(.service=="CODEBUILD") | .ip_prefix' < ip-ranges.json
34.228.4.208/28
Example 7. Get information for a certain network border group
$
jq -r '.prefixes[] | select(.region=="us-west-2") | select(.network_border_group=="us-west-2-lax-1") | .ip_prefix' < ip-ranges.json
70.224.192.0/18 52.95.230.0/24 15.253.0.0/16 ...
Implementing egress control
To allow resources you've created with one Amazon service to only access other Amazon
services, you can use the IP address range information in the ip-ranges.json file to
perform egress
filtering
Note
Some Amazon services built on EC2 and use EC2 IP address space. If you block traffic to EC2 IP address space, you block traffic to these non-EC2 services as well.