
How do I get the IP ranges for EC2 instances in specific regions

I need to know what IP subnet will be used by AWS EC2 instances

Reading:

I understand that I can use this URL giving the IP ranges:

But I am a bit confused by the output.

I understand I need to filter on:

  • region
  • type: EC2

Is my understanding correct? If so, I get 137 IP subnets, which is a very important number.

How can I have more control over IP subnets?

It will be extremely fragile to base your firewall system on the possible IPs that any EC2 instance in those regions can have.

Allowing access from 1 region may arguably have been fine but you're opening up your firewall to five traffic-heavy & very popular AWS regions.

That blanket policy allowing all traffic will essentially defeat the purpose of having a firewall that should only allow specific traffic through.

If you're actually looking for security, assign your EC2 instances an Elastic IP (EIP) and allow traffic only from those particular IPs.

Depending on how many EC2 instances you have, it may also be much easier, quicker & cheaper (however small) to route all your EC2 instances through 1 NAT gateway with 1 EIP (if you don't need all your EC2 instances to have different public IPs).

You'll save yourself the headache of keeping up to date with possible IP range changes made by Amazon, have cleaner firewall policies and have tighter security by only letting traffic that you're sure is coming from your instances through.

Win, win, win.
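As an added example (not part of the original question or answer), the Python sketch below filters a document in the layout of AWS's published IP ranges file on region and service EC2, as the question describes, and contrasts that region-wide allowlist with the answer's single-EIP allowlist. The sample prefixes, the EIP and the function names are constructed for illustration; they are not real AWS ranges.

```python
import ipaddress
import json

# Constructed sample in the layout of the AWS IP ranges document.
# Prefixes are documentation ranges (RFC 5737), not real AWS ranges.
SAMPLE = json.loads("""
{"syncToken": "0", "createDate": "2000-01-01-00-00-00",
 "prefixes": [
  {"ip_prefix": "198.51.100.0/25",   "region": "eu-west-1", "service": "AMAZON"},
  {"ip_prefix": "198.51.100.0/25",   "region": "eu-west-1", "service": "EC2"},
  {"ip_prefix": "198.51.100.128/25", "region": "eu-west-1", "service": "EC2"},
  {"ip_prefix": "203.0.113.0/24",    "region": "us-east-1", "service": "EC2"},
  {"ip_prefix": "192.0.2.0/24",      "region": "eu-west-1", "service": "S3"}
 ]}
""")

# Hypothetical Elastic IP owned by us: the only source the firewall should trust.
EIP_ALLOWLIST = [ipaddress.ip_network("198.51.100.10/32")]


def ec2_prefixes(doc, regions):
    """Collapsed IPv4 networks tagged service EC2 in any of the given regions."""
    nets = [
        ipaddress.ip_network(p["ip_prefix"])
        for p in doc["prefixes"]
        if p["service"] == "EC2" and p["region"] in regions
    ]
    # Adjacent or duplicate prefixes merge, so the rule count can shrink.
    return list(ipaddress.collapse_addresses(nets))


def address_count(nets):
    """Number of source addresses a rule set built from these networks admits."""
    return sum(n.num_addresses for n in nets)


def allowed(src, nets):
    """True if the source address falls inside any allowlisted network."""
    ip = ipaddress.ip_address(src)
    return any(ip in n for n in nets)


if __name__ == "__main__":
    region_nets = ec2_prefixes(SAMPLE, {"eu-west-1", "us-east-1"})
    print("region rules:", [str(n) for n in region_nets])
    print("addresses admitted by region rules:", address_count(region_nets))
    # An instance in the same region that is not ours passes the region rule
    # but is rejected by the EIP rule.
    other = "198.51.100.77"
    print(other, "region:", allowed(other, region_nets),
          "eip:", allowed(other, EIP_ALLOWLIST))
```

Run against the real document, `address_count` makes the size of a region-based rule set concrete, which is the exposure the answer warns about.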
