Querying AWS Public IP Addresses
How is everyone else filtering on AWS public IP addresses? The data is in json format at https://ip-ranges.amazonaws.com/ip-ranges.json. Is it possible to just use the lookup operator?
Official comment
Sorry for delay. Long answer here. Bear with me.
1. Using lookup today works only vs. individual IPs, not ranges. Idea 1834 is one you can upvote which would make range lookups easier.
2. There is a CIDR Operator that you can use to check an individual IP vs. a range, but it would require a huge block of code to tackle all of AWS.
3. Probably should have led with this, but the fundamental question here is why do you need all AWS in a lookup? One cannot treat these as trusted if that is the underlying reason. I would recommend making a smaller lookup using your public IPs hosted on AWS, which can be gathered with CLI code like this, etc.:
```
aws ec2 describe-network-interfaces --query 'NetworkInterfaces[].Association.PublicIp'
```
4. If you own ranges of IPs that you want to expand to build a lookup, you can produce CSV using code, ingest it, then turn it into a lookup, provided the CSV stays within the 8MB limit. The code below uses private IPs, in Python, just to show the concept:
```python
import ipaddress
import json

# Better to read this from a file, but a string is used here to show
# the logic and keep everything in one code snippet.
networkranges = '''
{
  "ranges": [
    {
      "range": "192.168.1.0/24",
      "network": "my network 1"
    },
    {
      "range": "10.10.1.0/24",
      "network": "my network 2"
    }
  ]
}
'''

csv = ''
for n in json.loads(networkranges)['ranges']:
    cidr = n['range']  # CIDR block to expand
    network = n['network']
    # hosts() yields the usable host addresses (network and broadcast excluded)
    for x in ipaddress.ip_network(cidr).hosts():
        csv += f'{x},{network}\n'
print(csv)
```
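Added example, not part of the original answer: matching an IP against CIDR ranges taken from a document laid out like ip-ranges.json, and estimating how large a one-row-per-IP CSV would be against the 8MB lookup limit. The sample prefixes are constructed documentation ranges, the function names are hypothetical, and the field names (`prefixes`, `ip_prefix`, `service`, `region`) are assumed to follow the published file.

```python
import ipaddress
import json

LOOKUP_LIMIT_BYTES = 8 * 1024 * 1024  # the 8MB lookup limit mentioned above

# Constructed sample in the layout of ip-ranges.json (documentation-only
# prefixes, not real AWS ranges). The same prefix can appear under more
# than one service, so duplicates have to be collapsed.
SAMPLE = '''{
  "prefixes": [
    {"ip_prefix": "192.0.2.0/25",    "region": "us-east-1", "service": "AMAZON"},
    {"ip_prefix": "192.0.2.0/25",    "region": "us-east-1", "service": "EC2"},
    {"ip_prefix": "192.0.2.128/25",  "region": "us-east-1", "service": "EC2"},
    {"ip_prefix": "198.51.100.0/24", "region": "eu-west-1", "service": "S3"}
  ],
  "ipv6_prefixes": []
}'''


def load_networks(doc, service=None, region=None):
    """Return de-duplicated, merged IPv4 networks, optionally filtered."""
    nets = [
        ipaddress.ip_network(p["ip_prefix"])
        for p in json.loads(doc)["prefixes"]
        if service in (None, p["service"]) and region in (None, p["region"])
    ]
    return list(ipaddress.collapse_addresses(nets))


def in_ranges(ip, networks):
    """True if the IP falls inside any of the networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def expanded_csv_bytes(networks, label="aws"):
    """Upper bound on the size of an 'ip,label' CSV with one row per address."""
    row = 15 + 1 + len(label) + 1  # longest dotted quad, comma, label, newline
    return sum(net.num_addresses for net in networks) * row


if __name__ == "__main__":
    nets = load_networks(SAMPLE)
    print([str(n) for n in nets], in_ranges("192.0.2.200", nets))
    size = expanded_csv_bytes(nets)
    print(size, "bytes; fits in lookup:", size <= LOOKUP_LIMIT_BYTES)
```

A single /8 expands to 16,777,216 addresses, so one such range already exceeds the limit at any row size; range matching avoids the expansion entirely.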