- Newest
- Most votes
- Most comments
There aren't specific update times for ip-ranges.json. But you can subscribe to a SNS notification so that you know when it has changed.
As @Brettski-AWS indicated, you can get a notification. However, it is not a good practice to use the IP range to allow some service running on AWS to access some endpoint somewhere else. If you do that, everyone that has a workload in the same region, will be able to access your endpoint.
If you use it in the other direction, i.e., to allow some application running outside AWS to access AWS, that is probably OK.
As per your comments
my third-party cant witelist for DNS, need IP address
Based on your tag, I assume this is to control egress to your API gateway IP. As @Brettski-AW mentioned, the third party can subscribe to AWS IP address ranges notifications and update their allow-listed IP prefixes.
If they are using a firewall that can subscribe to a IP prefixes web feed, they can consider AWS-IPRanges-API solution. The GitHub site has links to different firewalls configuration documentation, and API Gateway IP prefixes are available via /SERVICE/API_GATEWAY or /SERVICE/API_GATEWAY/<REGION>.
You can also refer to blog How to enhance CloudFront origin security of on-premise web servers using third-party firewalls which uses the solution to control ingress, but has screenshots for some of supported firewalls.
Relevant content
- asked 2 years ago
- asked 4 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
Yeap, I understood for this point, but my third-party cant witelist for DNS, need IP address instead, I am suffering on this as I know the Ip-address provide for AWS resources won't like static IP. e.g.: APIGW.
What is your exact use case? Which service needs to be allow? do you need to allow outgoing traffic from the partner or from AWS?