How do I find the IP address ranges that Amazon S3 uses?

Resolution

First, download the JSON file that contains all AWS IP address ranges. Then, search the file for the "service": "S3" string.

To parse the JSON response on Linux or macOS machines, you can use a tool such as jq. For more information, see ./jq on the jqlang website. For example, to parse the JSON file for all IPv4 addresses that Amazon S3 uses, run the following command:

curl https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[] | select(.service=="S3") | .ip_prefix'

52.95.154.0/23

52.219.64.0/22

52.92.72.0/22

52.92.64.0/22

52.95.156.0/24

....

To parse the JSON response for all IPv4 addresses that Amazon S3 uses in the us-east-1 AWS Region, run the following command:

curl https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[] | select(.region=="us-east-1") | select(.service=="S3") | .ip_prefix'

54.231.0.0/17

52.92.16.0/20

52.216.0.0/15

On Windows operating systems (OSs), you can use AWS Tools for PowerShell. The following Get-AWSPublicIpAddressRange command filters for all IPv4 and IPv6 addresses that Amazon S3 uses:

Get-AWSPublicIpAddressRange -ServiceKey S3 | select IpPrefix
IpPrefix
--------
52.47.73.72/29
13.55.255.216/29
52.15.247.208/29
...
...
2a05:d07c:2000::/40
2a05:d000:8000::/40
2406:dafe:2000::/40
...

For more examples, see Find the IP address ranges for AWS services.

Note: You might see a difference between IP address ranges on the JSON file list and AWS managed prefix lists. AWS manages all IP addresses that the ip-ranges.json file reports. It's a best practice to use the JSON file to manually retrieve the IP address range for Amazon S3.

IP addresses can change. When you allowlist the IP address ranges within your environment, check for changes after the previous publication of the ip-ranges.json file to avoid network interruptions. Compare the addresses in the ip-ranges.json file that you previously downloaded and the addresses in the current ip-ranges.json file.