AWS Developer Tools Blog

Querying the Public IP Address Ranges for AWS

A post on the AWS Official Blog last November noted that the authoritative public IP address ranges used by AWS could now be obtained from a JSON-format file. The same information can now be accessed easily from AWS Tools for Windows PowerShell with a new cmdlet, Get-AWSPublicIpAddressRange, without the need to parse JSON. This cmdlet was added in version

When run with no parameters, the cmdlet outputs all of the address ranges to the pipeline:

PS C:> Get-AWSPublicIpAddressRange

IpPrefix                    Region             Service
--------                    ------             -------                us-east-1          AMAZON              us-east-1          AMAZON
...                us-east-1          EC2             us-east-1          EC2
...            GLOBAL             ROUTE53             sa-east-1          ROUTE53_HEALTHCHECKS
...             GLOBAL             CLOUDFRONT            GLOBAL             CLOUDFRONT

If you’re comfortable using the pipeline to filter output, this may be all you need, but the cmdlet is also able to filter output using the -ServiceKey and -Region parameters. For example you can get the address ranges for EC2 across all regions like this (the parameter value is case insensitive):

PS C:> Get-AWSPublicIpAddressRange -ServiceKey ec2

Similarly, you can get the address ranges used by AWS in a given region:

PS C:> Get-AWSPublicIpAddressRange -Region us-west-2

Both of these parameters accept string arrays and can be supplied together. This example shows how to get the address ranges for Amazon EC2 and Amazon Route53 health checks in both US West regions:

PS C:> Get-AWSPublicIpAddressRange -ServiceKey ec2,route53_healthchecks -Region us-west-1,us-west-2

IpPrefix                    Region              Service
--------                    ------              -------               us-west-1           EC2               us-west-1           EC2
...               us-west-2           EC2               us-west-2           EC2
...             us-west-1           ROUTE53_HEALTHCHECKS             us-west-2           ROUTE53_HEALTHCHECKS            us-west-2           ROUTE53_HEALTHCHECKS           us-west-1           ROUTE53_HEALTHCHECKS

As noted in the original post, this information can change several times per week. You can find the publication date and time of the current information using the -OutputPublicationDate switch. The returned value here is a DateTime object:

PS C:> Get-AWSPublicIpAddressRange -OutputPublicationDate

Monday, December 15, 2014 4:41:01 PM

The set of service keys may change over time (see AWS IP Address Ranges for current documentation on this information). The current set of keys in use in the file can be obtained using the -OutputServiceKeys switch:

PS C:> Get-AWSPublicIpAddressRange -OutputServiceKeys


If you’ve read this far and are thinking that this would also be useful for your C#/.NET applications, then you’ll be glad to know it’s also exposed in the AWS SDK for .NET. See the AWSPublicIpAddressRanges class in the Amazon.Util namespace for more details.

We hope you find this new capability useful in your scripts. If you have ideas for other cmdlets that you would find useful, be sure to leave a comment!