Querying the Public IP Address Ranges for AWS
A post on the AWS Official Blog last November noted that the authoritative public IP address ranges used by AWS could now be obtained from a JSON-format file. The same information can now be accessed easily from AWS Tools for Windows PowerShell with a new cmdlet,
Get-AWSPublicIpAddressRange, without the need to parse JSON. This cmdlet was added in version 184.108.40.206.
When run with no parameters, the cmdlet outputs all of the address ranges to the pipeline:
PS C:> Get-AWSPublicIpAddressRange IpPrefix Region Service -------- ------ ------- 220.127.116.11/16 us-east-1 AMAZON 18.104.22.168/24 us-east-1 AMAZON ... 22.214.171.124/16 us-east-1 EC2 126.96.36.199/17 us-east-1 EC2 ... 188.8.131.52/21 GLOBAL ROUTE53 184.108.40.206/26 sa-east-1 ROUTE53_HEALTHCHECKS ... 220.127.116.11/19 GLOBAL CLOUDFRONT 18.104.22.168/20 GLOBAL CLOUDFRONT ...
If you’re comfortable using the pipeline to filter output, this may be all you need, but the cmdlet is also able to filter output using the -ServiceKey and -Region parameters. For example you can get the address ranges for EC2 across all regions like this (the parameter value is case insensitive):
PS C:> Get-AWSPublicIpAddressRange -ServiceKey ec2
Similarly, you can get the address ranges used by AWS in a given region:
PS C:> Get-AWSPublicIpAddressRange -Region us-west-2
Both of these parameters accept string arrays and can be supplied together. This example shows how to get the address ranges for Amazon EC2 and Amazon Route53 health checks in both US West regions:
PS C:> Get-AWSPublicIpAddressRange -ServiceKey ec2,route53_healthchecks -Region us-west-1,us-west-2 IpPrefix Region Service -------- ------ ------- 22.214.171.124/18 us-west-1 EC2 126.96.36.199/16 us-west-1 EC2 ... 188.8.131.52/16 us-west-2 EC2 184.108.40.206/16 us-west-2 EC2 ... 220.127.116.11/26 us-west-1 ROUTE53_HEALTHCHECKS 18.104.22.168/26 us-west-2 ROUTE53_HEALTHCHECKS 22.214.171.124/26 us-west-2 ROUTE53_HEALTHCHECKS 126.96.36.199/26 us-west-1 ROUTE53_HEALTHCHECKS
As noted in the original post, this information can change several times per week. You can find the publication date and time of the current information using the -OutputPublicationDate switch. The returned value here is a
PS C:> Get-AWSPublicIpAddressRange -OutputPublicationDate Monday, December 15, 2014 4:41:01 PM
The set of service keys may change over time (see AWS IP Address Ranges for current documentation on this information). The current set of keys in use in the file can be obtained using the -OutputServiceKeys switch:
PS C:> Get-AWSPublicIpAddressRange -OutputServiceKeys AMAZON EC2 ROUTE53 ROUTE53_HEALTHCHECKS CLOUDFRONT
If you’ve read this far and are thinking that this would also be useful for your C#/.NET applications, then you’ll be glad to know it’s also exposed in the AWS SDK for .NET. See the
AWSPublicIpAddressRanges class in the
Amazon.Util namespace for more details.
We hope you find this new capability useful in your scripts. If you have ideas for other cmdlets that you would find useful, be sure to leave a comment!