AWS IP address ranges

AWS publishes its current IP address ranges in JSON format. With this information, you can identify traffic from AWS. You can also use this information to allow or deny traffic to or from some AWS services.

Some services publish their address ranges using AWS-managed prefix lists. For more information, see Available AWS-managed prefix lists.

Download the JSON file

To view the current address ranges, download ip-ranges.json. To maintain history, save successive versions of the JSON file on your own computer. To determine whether there have been changes since the last time that you saved the file, check the publication time in the current file and compare it to the publication time in the last file that you saved.

The following is an example curl command that saves the JSON file to the current directory.

curl -O https://ip-ranges.amazonaws.com/ip-ranges.json

If you access this file programmatically, it is your responsibility to ensure that the application downloads the file only after successfully verifying the TLS certificate presented by the server.

To receive notifications of updates to the JSON file, see AWS IP address ranges notifications.

Egress control

To allow resources you've created with one AWS service to only access other AWS services, you can use the IP address range information in the ip-ranges.json file to perform egress filtering. Ensure that the security group rules allow outbound traffic to the CIDR blocks in the AMAZON list. There are quotas for security groups. Depending on the number of IP address ranges in each Region, you might need multiple security groups per Region.

Geolocation feed

The IP address ranges in ip-ranges.json are by AWS Region. However, a Local Zone is not in the same physical location as its parent Region. The geolocation data published in geo-ip-feed.csv accounts for Local Zones. The data follows RFC 8805.