Is it possible to narrow which AWS public IP ranges are in use?

Question

Hello.

I got stuck with a problem and maybe someone here could offer an idea on how to solve it.

The setup is, there are services hosted at AWS eu-central-1 and us-east-1. They are located behind AWS dynamic public addresses.
I am working on setting up a split-tunnel Azure VPN connection, which requires me to write IP ranges as part of routing table. The setup is a manual work, uploading a json file would not work due to several limitations. So I am limited to manually update a routing table.

There is a json file with AWS public addresses for eu-central-1 and us-east-1 and the list is veeeery long. My routing table would be way too big and still updating all ranges would be a time consuming work. In short not worth the effort.

For sure, I don't want to route entire AWS IP range in my split-tunnel VPN. Which based on department has different routes.
But, is there a way I could narrow what are IP ranges used by my AWS hosted services?

Kidd Ip · Accepted Answer

Yes by below:

1. Use AWS IP Range Metadata
AWS publishes all public IP ranges in ip-ranges.json. You can filter this file by:
•	Region: us-east-1, eu-central-1
•	Service: EC2, S3, CLOUDFRONT, etc.
Tools like jq (Linux/macOS) or Get-AWSPublicIpAddressRange (PowerShell) can help you extract just the relevant CIDRs.
2. Pinpoint Your Actual Public IPs
If your services are behind Elastic IPs or NAT Gateways:
•	Use the AWS Console or CLI to list the Elastic IPs or NAT Gateway IPs assigned to your services.
•	These are the actual public IPs your services use, far fewer than the full region range.
3. Reverse Lookup
Once you have the public IPs:
•	Use tools like QueryAWS.net to find which CIDR block each IP belongs to.
•	This lets you extract only the specific CIDRs needed for your routing table.

SP · Answer

Thank you, much appreciated

Is it possible to narrow which AWS public IP ranges are in use?

Add your answer

Relevant content