Hello.
The "describe-regions" command outputs the regions enabled in your AWS account.
Since this command displays information in your AWS account, you will need to use an access key.
https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/describe-regions.html
In the past, I built a system that periodically executed the following command to obtain a list of AWS regions.
In this case, there is no need to set an access key.
However, the following command also retrieves a list of regions that are not enabled in your AWS account, so you have to manage that part yourself.
https://docs.aws.amazon.com/vpc/latest/userguide/aws-ip-ranges.html
https://ip-ranges.amazonaws.com/ip-ranges.json
curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[].region' | sort | uniq
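The "manage that part yourself" step from the answer above, as an added example that is not part of the original post: it parses a document in the ip-ranges.json layout, reads both `prefixes` and `ipv6_prefixes`, drops the `GLOBAL` pseudo-region, and separates regions that are published from those enabled in the account. The sample JSON is constructed, and `ENABLED`, `regions_from_ip_ranges` and `split_by_enabled` are hypothetical names.

```python
import json
import re

# Constructed sample in the layout of ip-ranges.json (not real AWS data).
SAMPLE = """
{
  "syncToken": "0000000000",
  "createDate": "2000-01-01-00-00-00",
  "prefixes": [
    {"ip_prefix": "192.0.2.0/24", "region": "us-east-1", "service": "EC2"},
    {"ip_prefix": "198.51.100.0/24", "region": "GLOBAL", "service": "CLOUDFRONT"},
    {"ip_prefix": "203.0.113.0/24", "region": "eu-west-1", "service": "S3"}
  ],
  "ipv6_prefixes": [
    {"ipv6_prefix": "2001:db8:1::/48", "region": "ap-southeast-2", "service": "EC2"},
    {"ipv6_prefix": "2001:db8:2::/48", "region": "us-east-1", "service": "S3"}
  ]
}
"""

# Shape of a region code such as us-east-1 or us-gov-west-1 (assumed pattern).
REGION_RE = re.compile(r"^[a-z]{2}(-[a-z]+)+-\d+$")

def regions_from_ip_ranges(doc):
    """Return the sorted region codes found in both prefix lists."""
    found = set()
    for key in ("prefixes", "ipv6_prefixes"):
        for entry in doc.get(key, []):
            region = str(entry.get("region", ""))
            # "GLOBAL" and any value not shaped like a region code are skipped.
            if REGION_RE.fullmatch(region):
                found.add(region)
    return sorted(found)

def split_by_enabled(published, enabled):
    """Partition published regions into (usable, not_enabled) for this account."""
    enabled = set(enabled)
    usable = [r for r in published if r in enabled]
    not_enabled = [r for r in published if r not in enabled]
    return usable, not_enabled

# Hypothetical, locally maintained list of regions enabled in the account.
ENABLED = ["us-east-1", "eu-west-1"]

if __name__ == "__main__":
    published = regions_from_ip_ranges(json.loads(SAMPLE))
    usable, not_enabled = split_by_enabled(published, ENABLED)
    print("published:", published)
    print("usable:", usable)
    print("not enabled here:", not_enabled)
```

A region that shows up under "not enabled here" on a periodic run is a cue to review the local list rather than to start calling that region.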
The ec2 describe-regions command requires an access key because it's part of the AWS API, which is designed to be secure and authenticate users. However, your question highlights a valid point about the need for a public, unauthenticated way to enumerate AWS regions.
While AWS does provide some public APIs, like the one for querying IP address ranges, they haven't created a similar public endpoint for listing regions. This is likely due to a combination of factors, including security considerations and the fact that regions don't change very frequently.
The reason someone has to manually maintain a list is because AWS hasn't provided an official, public HTTP endpoint for this purpose. While it would be convenient to have such an endpoint, AWS may have reasons for not doing so, such as:
- Controlling access to region information
- Maintaining flexibility in how they release and manage region information
- Ensuring that applications are built to handle region changes gracefully
Without an official public endpoint, developers have resorted to maintaining their own lists or using authenticated API calls. This isn't ideal for scenarios where you need to enumerate regions without credentials or SDKs.
For a future-proof solution using only curl from a shell, you might consider:
- Using the public IP address ranges API and parsing it for region information
- Periodically checking the AWS documentation for updates
- Creating your own updatable list that you maintain based on official AWS announcements
While these aren't perfect solutions, they're the best options available without using access keys or SDKs, given the current limitations in publicly available AWS APIs for region enumeration.
Sources
DescribeRegions - Amazon Elastic Compute Cloud
Example policies to control access the Amazon EC2 API - Amazon Elastic Compute Cloud
Wow. I didn't come all the way up here just to be answered by a machine.
Yeah, that's exactly what I wrote for my project. I didn't want to make assumptions about the endpoint url