Comments

1 comment

  • Official comment
    Avatar
    Matt Sullivan

    Sorry for delay. Long answer here. Bear with me.

    1. Using lookup today works only vs. individual IPs, not ranges.  Idea 1834 is one you can upvote which would make range lookups easier.

    2. there is a CIDR Operator that you can use to check an individual IP vs. a range, but it would require a huge block of code to tackle all of AWS.

    3. Probably should have led with this, but the fundamental question here is why do you need all AWS in a lookup? One cannot treat these as trusted if that is the underlying reason. I would recommend making a smaller lookup using your public IPs hosted on AWS, which can be gathered with CLI code like this, etc.:

       aws ec2 describe-network-interfaces --query NetworkInterfaces[].Association.PublicIp

    4. if you own ranges of IPs that to expand and build a lookup, you can produce CSV using code, ingest it, then turn into a lookup, provided the CSV stays within the 8MB limit. Code below is private IPs, using python, just to show the concept:

    import json
    import ipaddress
    import os

    # better to read in a file, but just using string here so show
    # the logic and keep in one code snippet

    networkranges = '''
    {
    "ranges": [
    {
    "range": "192.168.1.0/24",
    "network": "my network 1"
    },
    {
    "range": "10.10.1.0/24",
    "network": "my network 2"
    } ]
    }
    '''

    csv = ''
    for n in json.loads(networkranges)['ranges']:
    range = n['range']
    network = n['network']

    for x in ipaddress.ip_network(range).hosts():
    csv += f'{x},{network}\n'

    print (csv)

Please sign in to leave a comment.