AWS Developer Tools Blog

Querying the Public IP Address Ranges for AWS

A post on the AWS Official Blog last November noted that the authoritative public IP address ranges used by AWS could now be obtained from a JSON-format file. The same information can now be accessed easily from AWS Tools for Windows PowerShell with a new cmdlet, Get-AWSPublicIpAddressRange, without the need to parse JSON. This cmdlet was added in version 2.3.15.0.

When run with no parameters, the cmdlet outputs all of the address ranges to the pipeline:

PS C:> Get-AWSPublicIpAddressRange

IpPrefix                    Region             Service
--------                    ------             -------
50.19.0.0/16                us-east-1          AMAZON
54.239.98.0/24              us-east-1          AMAZON
...
50.19.0.0/16                us-east-1          EC2
75.101.128.0/17             us-east-1          EC2
...
205.251.192.0/21            GLOBAL             ROUTE53
54.232.40.64/26             sa-east-1          ROUTE53_HEALTHCHECKS
...
54.239.192.0/19             GLOBAL             CLOUDFRONT
204.246.176.0/20            GLOBAL             CLOUDFRONT
...

If you’re comfortable using the pipeline to filter output, this may be all you need, but the cmdlet can also filter output itself with the -ServiceKey and -Region parameters. For example, you can get the address ranges for EC2 across all regions like this (the parameter value is case-insensitive):

PS C:> Get-AWSPublicIpAddressRange -ServiceKey ec2

Similarly, you can get the address ranges used by AWS in a given region:

PS C:> Get-AWSPublicIpAddressRange -Region us-west-2

Both of these parameters accept string arrays and can be supplied together. This example shows how to get the address ranges for Amazon EC2 and Amazon Route53 health checks in both US West regions:

PS C:> Get-AWSPublicIpAddressRange -ServiceKey ec2,route53_healthchecks -Region us-west-1,us-west-2

IpPrefix                    Region              Service
--------                    ------              -------
184.72.0.0/18               us-west-1           EC2
54.215.0.0/16               us-west-1           EC2
...
54.214.0.0/16               us-west-2           EC2
54.245.0.0/16               us-west-2           EC2
...
54.241.32.64/26             us-west-1           ROUTE53_HEALTHCHECKS
54.245.168.0/26             us-west-2           ROUTE53_HEALTHCHECKS
54.244.52.192/26            us-west-2           ROUTE53_HEALTHCHECKS
54.183.255.128/26           us-west-1           ROUTE53_HEALTHCHECKS
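
When triaging logs or reviewing firewall rules, the useful question is often the reverse one: which published ranges contain a given address? The following is an added example, not part of the original post or of the AWS tools. The function names ConvertTo-IPv4Number and Find-AwsRangeForAddress are hypothetical, only IPv4 prefixes are handled, and the sample rows are constructed from the output shown above so that it runs offline.

```powershell
# Added example (not from the original post). IPv4 only.
function ConvertTo-IPv4Number {
    param([string]$Address)
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    if ($b.Length -ne 4) { throw "Not an IPv4 address: $Address" }
    # Plain arithmetic avoids signed-shift and byte-order pitfalls.
    [double]$b[0] * 16777216 + $b[1] * 65536 + $b[2] * 256 + $b[3]
}

function Find-AwsRangeForAddress {
    param(
        [Parameter(Mandatory = $true)] [string[]] $Address,
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Range
    )
    begin   { $ranges = @() }
    process { $ranges += $Range }          # collect rows with IpPrefix/Region/Service
    end {
        foreach ($a in $Address) {
            $ip = ConvertTo-IPv4Number $a
            $hits = @(foreach ($r in $ranges) {
                $net, $len = $r.IpPrefix -split '/'
                if ($net -notmatch '^\d+(\.\d+){3}$') { continue }   # skip non-IPv4 prefixes
                $size = [math]::Pow(2, 32 - [int]$len)               # addresses in the block
                # Same block number means the address lies inside the prefix.
                if ([math]::Floor($ip / $size) -eq
                    [math]::Floor((ConvertTo-IPv4Number $net) / $size)) {
                    [pscustomobject]@{ Address = $a; IpPrefix = $r.IpPrefix
                                       Region = $r.Region; Service = $r.Service }
                }
            })
            if ($hits.Count -eq 0) {
                # Emit an explicit "no match" row so misses are visible in reports.
                $hits = @([pscustomobject]@{ Address = $a; IpPrefix = $null
                                             Region = $null; Service = $null })
            }
            $hits
        }
    }
}

# Constructed sample: three rows copied from the cmdlet output shown in the post.
$sample = @(
    [pscustomobject]@{ IpPrefix = '54.214.0.0/16';   Region = 'us-west-2'; Service = 'EC2' }
    [pscustomobject]@{ IpPrefix = '54.245.0.0/16';   Region = 'us-west-2'; Service = 'EC2' }
    [pscustomobject]@{ IpPrefix = '54.245.168.0/26'; Region = 'us-west-2'; Service = 'ROUTE53_HEALTHCHECKS' }
)
# 54.245.168.10 is a constructed address; 203.0.113.7 is from a documentation range.
$sample | Find-AwsRangeForAddress -Address '54.245.168.10', '203.0.113.7'
# Live data: Get-AWSPublicIpAddressRange | Find-AwsRangeForAddress -Address <ip>
```

An address can match more than one row because the published ranges overlap across service keys, so treat a match as "inside AWS address space" rather than as proof of a specific service.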

As noted in the original post, this information can change several times per week. You can find the publication date and time of the current information using the -OutputPublicationDate switch. The returned value here is a DateTime object:

PS C:> Get-AWSPublicIpAddressRange -OutputPublicationDate

Monday, December 15, 2014 4:41:01 PM

The set of service keys may change over time (see AWS IP Address Ranges for current documentation on this information). The current set of keys in use in the file can be obtained using the -OutputServiceKeys switch:

PS C:> Get-AWSPublicIpAddressRange -OutputServiceKeys

AMAZON
EC2
ROUTE53
ROUTE53_HEALTHCHECKS
CLOUDFRONT

If you’ve read this far and are thinking that this would also be useful for your C#/.NET applications, then you’ll be glad to know it’s also exposed in the AWS SDK for .NET. See the AWSPublicIpAddressRanges class in the Amazon.Util namespace for more details.

We hope you find this new capability useful in your scripts. If you have ideas for other cmdlets that you would find useful, be sure to leave a comment!