Work with the AWS IP address ranges in native Python.

Overview

awsipranges

Work with the AWS IP address ranges in native Python.

License PyPI Code Coverage Build Docs


Amazon Web Services (AWS) publishes its current IP address ranges in JSON format. Python v3 provides an ipaddress module in the standard library that allows you to create, manipulate, and perform operations on IPv4 and IPv6 addresses and networks. Wouldn't it be nice if you could work with the AWS IP address ranges like native Python objects?

Features

  • Work with the AWS IP prefixes as a simple AWSIPPrefixes collection.
  • Quickly check if an IP address, interface, or network is contained in the AWS IP address ranges.
  • Get the AWS IP prefix that contains an IP address, interface, or network.
  • See what services are served from an IP prefix.
  • Filter the AWS IP prefixes by region, network border group, service, and IP prefix version.
  • Use the AWS prefix data in your app or automation scripts in the format required by your infrastructure.
  • Easily validate the TLS certificate presented by the IP ranges server.
  • awsipranges has no third-party dependencies and is compatible with CPython v3.7+.
>> '52.94.5.15' in aws_ip_ranges True >>> aws_ip_ranges['52.94.5.15'] AWSIPv4Prefix('52.94.5.0/24', region='eu-west-1', network_border_group='eu-west-1', services=('AMAZON', 'DYNAMODB')) >>> aws_ip_ranges.filter(services='CODEBUILD') {'create_date': datetime.datetime(2021, 8, 24, 1, 31, 14, tzinfo=datetime.timezone.utc), 'ipv4_prefixes': (AWSIPv4Prefix('3.26.127.24/29', region='ap-southeast-2', network_border_group='ap-southeast-2', services=('CODEBUILD',)), AWSIPv4Prefix('3.38.90.8/29', region='ap-northeast-2', network_border_group='ap-northeast-2', services=('CODEBUILD',)), AWSIPv4Prefix('3.68.251.232/29', region='eu-central-1', network_border_group='eu-central-1', services=('CODEBUILD',)), AWSIPv4Prefix('3.98.171.224/29', region='ca-central-1', network_border_group='ca-central-1', services=('CODEBUILD',)), AWSIPv4Prefix('3.101.177.48/29', region='us-west-1', network_border_group='us-west-1', services=('CODEBUILD',)), ...), 'ipv6_prefixes': (), 'sync_token': '1629768674'} >>> for prefix in aws_ip_ranges.filter(regions='eu-west-1', services='DYNAMODB'): ... print(prefix.network_address, prefix.netmask) ... 52.94.5.0 255.255.255.0 52.94.24.0 255.255.254.0 52.94.26.0 255.255.254.0 52.119.240.0 255.255.248.0 ">
>>> import awsipranges

>>> aws_ip_ranges = awsipranges.get_ranges(cafile="amazon_root_certificates.pem")

>>> '52.94.5.15' in aws_ip_ranges
True

>>> aws_ip_ranges['52.94.5.15']
AWSIPv4Prefix('52.94.5.0/24', region='eu-west-1', network_border_group='eu-west-1', services=('AMAZON', 'DYNAMODB'))

>>> aws_ip_ranges.filter(services='CODEBUILD')
{'create_date': datetime.datetime(2021, 8, 24, 1, 31, 14, tzinfo=datetime.timezone.utc),
 'ipv4_prefixes': (AWSIPv4Prefix('3.26.127.24/29', region='ap-southeast-2', network_border_group='ap-southeast-2', services=('CODEBUILD',)),
                   AWSIPv4Prefix('3.38.90.8/29', region='ap-northeast-2', network_border_group='ap-northeast-2', services=('CODEBUILD',)),
                   AWSIPv4Prefix('3.68.251.232/29', region='eu-central-1', network_border_group='eu-central-1', services=('CODEBUILD',)),
                   AWSIPv4Prefix('3.98.171.224/29', region='ca-central-1', network_border_group='ca-central-1', services=('CODEBUILD',)),
                   AWSIPv4Prefix('3.101.177.48/29', region='us-west-1', network_border_group='us-west-1', services=('CODEBUILD',)),
                   ...),
 'ipv6_prefixes': (),
 'sync_token': '1629768674'}

>>> for prefix in aws_ip_ranges.filter(regions='eu-west-1', services='DYNAMODB'):
...     print(prefix.network_address, prefix.netmask)
...
52.94.5.0 255.255.255.0
52.94.24.0 255.255.254.0
52.94.26.0 255.255.254.0
52.119.240.0 255.255.248.0

Installation

Installing and upgrading awsipranges is easy:

Install via PIP

❯ pip install awsipranges

Upgrade to the latest version

❯ pip install --upgrade awsipranges

Documentation

Excellent documentation is now available at: https://aws-samples.github.io/awsipranges/

Check out the Quickstart to dive in and begin using awsipranges.

Contribute

See CONTRIBUTING for information on how to contribute to this project.

Security

See CONTRIBUTING for information on how to report a security issue with this project.

License

This project is licensed under the Apache-2.0 License.

You might also like...
Project template for using aws-cdk, Chalice and React in concert, including RDS Postgresql and AWS Cognito

What is This? This repository is an opinonated project template for using aws-cdk, Chalice and React in concert. Where aws-cdk and Chalice are in Pyth

POC de uma AWS lambda que executa a consulta de preços de criptomoedas, e é implantada na AWS usando Github actions.
POC de uma AWS lambda que executa a consulta de preços de criptomoedas, e é implantada na AWS usando Github actions.

Cryptocurrency Prices Overview Instalação Repositório Configuração CI/CD Roadmap Testes Overview A ideia deste projeto é aplicar o conteúdo estudado s

Unauthenticated enumeration of services, roles, and users in an AWS account or in every AWS account in existence.

Quiet Riot 🎶 C'mon, Feel The Noise 🎶 An enumeration tool for scalable, unauthenticated validation of AWS principals; including AWS Acccount IDs, roo

AWS Blog post code for running feature-extraction on images using AWS Batch and Cloud Development Kit (CDK).

Batch processing with AWS Batch and CDK Welcome This repository demostrates provisioning the necessary infrastructure for running a job on AWS Batch u

Aws-lambda-requests-wrapper - Request/Response wrapper for AWS Lambda with API Gateway

AWS Lambda Requests Wrapper Request/Response wrapper for AWS Lambda with API Gat

AWS-serverless-starter - AWS Lambda serverless stack via Serverless framework
AWS-serverless-starter - AWS Lambda serverless stack via Serverless framework

Serverless app via AWS Lambda, ApiGateway and Serverless framework Configuration

AWS CloudSaga - Simulate security events in AWS

AWS CloudSaga - Simulate security events in AWS AWS CloudSaga is for customers to test security controls and alerts within their Amazon Web Services (

A minimalistic library designed to provide native access to YNAB data from Python

pYNAB A minimalistic library designed to provide native access to YNAB data from Python. Install The simplest way is to install the latest version fro

Cloud-native, data onboarding architecture for the Google Cloud Public Datasets program
Cloud-native, data onboarding architecture for the Google Cloud Public Datasets program

Public Datasets Pipelines Cloud-native, data pipeline architecture for onboarding datasets to the Google Cloud Public Datasets Program. Overview Requi

Comments
  • Add AWSIPPrefixes.md5 attribute

    Add AWSIPPrefixes.md5 attribute

    Resolves #2

    Description of changes:

    • Computes the MD5 hash of the downloaded JSON file and adds the MD5 hex digest as an md5 attribute on the AWSIPPrefixes collection class.
    • Checks the HTTP status code on the JSON file download and raises an HTTPError on 4xx and 5xx response codes.
    opened by cmlccie 0
  • MD5 hash

    MD5 hash

    Hi,

    Would be nice to have md5 attribute inside AWSIPPrefixes. So, when user run get_ranges() it calculate md5 and add it on this attribute.

    Later this can be used to validate against SNS notification.

    enhancement 
    opened by lazize 0
  • Bump ipython from 7.28.0 to 7.31.1

    Bump ipython from 7.28.0 to 7.31.1

    Bumps ipython from 7.28.0 to 7.31.1.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
Releases(0.3.3)
  • 0.3.3(Feb 10, 2022)

  • 0.3.0(Oct 2, 2021)

    JSON MD5 hash

    This release adds a new .md5 attribute to the AWSIPPrefixes class that provides access to the computed MD5 hex digest of the downloaded JSON file. You can compare the computed MD5 hash with the MD5 hash provided by the AmazonIpSpaceChanged notifications to verify the integrity of the downloaded JSON file.

    Notification JSON:

    {
      "create-time":"2021-10-01T16:33:13+00:00",
      "synctoken":"1633105993",
      "md5":"59e4cd7f4757a9f380c626d772a5eef2",
      "url":"https://ip-ranges.amazonaws.com/ip-ranges.json"
    }
    

    AWSIPPrefixes collection:

    {
     'create_date': datetime.datetime(2021, 10, 1, 16, 33, 13, tzinfo=datetime.timezone.utc),
     'ipv4_prefixes': (...),
     'ipv6_prefixes': (...),
     'md5': '59e4cd7f4757a9f380c626d772a5eef2',
     'sync_token': '1633105993',
    }
    

    New library exceptions

    Added HTTP response error checking and a custom library exception hierarchy. awsipranges.get_ranges() will now raise an awsipranges.HTTPError exception for 4xx and 5xx HTTP response codes when downloading the JSON file. All awsipranges custom exceptions are subclasses of the AWSIPRangesException base exception class.

    Source code(tar.gz)
    Source code(zip)
Automated AWS account hardening with AWS Control Tower and AWS Step Functions

Automate activities in Control Tower provisioned AWS accounts Table of contents Introduction Architecture Prerequisites Tools and services Usage Clean

AWS Samples 20 Dec 7, 2022
Implement backup and recovery with AWS Backup across your AWS Organizations using a CI/CD pipeline (AWS CodePipeline).

Backup and Recovery with AWS Backup This repository provides you with a management and deployment solution for implementing Backup and Recovery with A

AWS Samples 8 Nov 22, 2022
Python + AWS Lambda Hands OnPython + AWS Lambda Hands On

Python + AWS Lambda Hands On Python Criada em 1990, por Guido Van Rossum. "Bala de prata" (quase). Muito utilizado em: Automatizações - Selenium, Beau

Marcelo Ortiz de Santana 8 Sep 9, 2022
Aws-cidr-finder - A Python CLI tool for finding unused CIDR blocks in AWS VPCs

aws-cidr-finder Overview An Example Installation Configuration Contributing Over

Cooper Walbrun 18 Jul 31, 2022
Automatically compile an AWS Service Control Policy that ONLY allows AWS services that are compliant with your preferred compliance frameworks.

aws-allowlister Automatically compile an AWS Service Control Policy that ONLY allows AWS services that are compliant with your preferred compliance fr

Salesforce 189 Dec 8, 2022
SSH-Restricted deploys an SSH compliance rule (AWS Config) with auto-remediation via AWS Lambda if SSH access is public.

SSH-Restricted SSH-Restricted deploys an SSH compliance rule with auto-remediation via AWS Lambda if SSH access is public. SSH-Auto-Restricted checks

Adrian Hornsby 30 Nov 8, 2022
AWS Auto Inventory allows you to quickly and easily generate inventory reports of your AWS resources.

Photo by Denny Müller on Unsplash AWS Automated Inventory ( aws-auto-inventory ) Automates creation of detailed inventories from AWS resources. Table

AWS Samples 123 Dec 26, 2022
A suite of utilities for AWS Lambda Functions that makes tracing with AWS X-Ray, structured logging and creating custom metrics asynchronously easier

A suite of utilities for AWS Lambda Functions that makes tracing with AWS X-Ray, structured logging and creating custom metrics asynchronously easier

Amazon Web Services - Labs 1.9k Jan 7, 2023
aws-lambda-scheduler lets you call any existing AWS Lambda Function you have in a future time.

aws-lambda-scheduler aws-lambda-scheduler lets you call any existing AWS Lambda Function you have in the future. This functionality is achieved by dyn

Oğuzhan Yılmaz 57 Dec 17, 2022