What IP addresses need to be allow-listed for regional S3 API access?
1
An application needs to be able to upload / download data from Amazon S3, via the regional endpoint (ap-southeast-1). If there's a network firewall, in place, which IP addresses need to be allow-listed?
From the AWS Service Endpoints, would this be just at s3.ap-southeast-1.amazonaws.com and where the IP address ranges would come from https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html?
For example IP ranges could be downloaded and filtered as follows:
curl -O https://ip-ranges.amazonaws.com/ip-ranges.json jq -r '.prefixes[] | select(.region=="ap-southeast-1") | select(.service=="S3") | .ip_prefix' < ip-ranges.json
Result
18.34.248.0/22
16.12.48.0/21
52.219.32.0/21
18.34.64.0/21
52.219.180.0/22
52.219.40.0/22
52.219.164.0/22
52.219.124.0/22
3.5.146.0/23
52.219.128.0/22
52.219.184.0/21
52.219.132.0/22
3.5.148.0/22
13.213.20.144/28
13.213.20.160/28
Would allow-listing just the above IP address ranges be sufficient?
asked a year ago258 views
1 Answer
- Newest
- Most votes
- Most comments
Relevant content
- Accepted Answerasked 3 years ago
- asked 8 months ago
AWS OFFICIALUpdated a year ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
