What IP addresses need to be allow-listed for regional S3 API access?


An application needs to be able to upload / download data from Amazon S3, via the regional endpoint (ap-southeast-1). If there's a network firewall, in place, which IP addresses need to be allow-listed?

From the AWS Service Endpoints, would this be just at s3.ap-southeast-1.amazonaws.com and where the IP address ranges would come from https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html?

For example IP ranges could be downloaded and filtered as follows:

curl -O https://ip-ranges.amazonaws.com/ip-ranges.json
jq -r '.prefixes[] | select(.region=="ap-southeast-1") | select(.service=="S3") | .ip_prefix' < ip-ranges.json


Would allow-listing just the above IP address ranges be sufficient?

asked a year ago275 views
1 Answer
Accepted Answer

Yes, that is correct.

profile pictureAWS
answered a year ago
profile pictureAWS
reviewed a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions