Identify IP prefixes for the firewall allowlist
Last updated February 19th, 2025
Categories:
Environment
- Knox Admin Portal
- Python
Overview
When configuring firewall exceptions, you may want to quickly identify the IP ranges based on your enterprise’s configuration.
How to identify firewall IP prefixes
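To retrieve the IP ranges programmatically, use the following Python script. It downloads the published ip-ranges.json file from Amazon, selects the prefixes you need, and writes them to a text file: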
# Import required modules, functions or classes
from urllib.request import urlopen
import json
import re

# Load the IP ranges, published in JSON format, from the URL
with urlopen('https://ip-ranges.amazonaws.com/ip-ranges.json') as response:
    ip_ranges = json.loads(response.read())

# Keep only ONE of the three options below and delete or comment out the others.
# As written, each assignment overwrites the previous one, so Option 3 takes effect.

# Option 1: All services
target_prefixes = [prefix['ip_prefix'] for prefix in ip_ranges['prefixes']]

# Option 2: Specific service only
# Filter by service name
# Change the service name as required. Example: S3
target_prefixes = [prefix['ip_prefix'] for prefix in ip_ranges['prefixes'] if prefix['service'] == 'S3']

# Option 3: Specific service and region only
# Filter by service name and region
# Change the service name as required. Example: S3
# Change the pattern that matches the region name as required.
# Example: eu-west.* for eu-west-1, eu-west-2, eu-west-3
pattern = r"eu-west.*"
target_prefixes = [prefix['ip_prefix'] for prefix in ip_ranges['prefixes'] if (prefix['service'] == 'S3' and re.match(pattern, prefix['region']))]

# Write to file
# Ensure correct path and filename in the open function parameter e.g. C:/data/amazonips.txt
with open('./amazonips.txt', 'w+') as f:
    f.write('\n'.join(target_prefixes))
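The script above writes every matching ip_prefix as is, including prefixes repeated under several services, and skips the ipv6_prefixes list in the same file. The following added example (not part of the original page or Knox code) validates each entry, removes duplicates, and merges adjacent or nested blocks so the allowlist stays as small as the chosen filter permits. The helper name select_prefixes and the sample data are assumptions made for illustration; the sample uses documentation address ranges so it runs offline.

```python
import ipaddress
import re

# Constructed sample in the shape of ip-ranges.json (documentation address
# ranges, not real AWS data).
SAMPLE = {
    "prefixes": [
        {"ip_prefix": "198.51.100.0/25", "region": "eu-west-1", "service": "S3"},
        {"ip_prefix": "198.51.100.128/25", "region": "eu-west-2", "service": "S3"},
        {"ip_prefix": "198.51.100.0/25", "region": "eu-west-1", "service": "AMAZON"},
        {"ip_prefix": "203.0.113.0/24", "region": "eu-west-3", "service": "S3"},
        {"ip_prefix": "203.0.113.64/26", "region": "eu-west-3", "service": "S3"},
        {"ip_prefix": "192.0.2.0/24", "region": "us-east-1", "service": "S3"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2001:db8:1::/48", "region": "eu-west-1", "service": "S3"},
        {"ipv6_prefix": "2001:db8:2::/48", "region": "us-east-1", "service": "S3"},
    ],
}


def select_prefixes(doc, service=None, region_pattern=None):
    """Return (ipv4, ipv6) lists of validated, merged CIDR strings (hypothetical helper)."""
    region_re = re.compile(region_pattern) if region_pattern else None
    nets = {4: set(), 6: set()}  # sets drop prefixes repeated across services
    for list_key, field in (("prefixes", "ip_prefix"),
                            ("ipv6_prefixes", "ipv6_prefix")):
        for entry in doc.get(list_key, []):
            if service and entry["service"] != service:
                continue
            # fullmatch: the pattern must cover the whole region name
            if region_re and not region_re.fullmatch(entry["region"]):
                continue
            # Raises ValueError on anything that is not a clean CIDR block,
            # so a malformed entry never reaches the firewall configuration.
            net = ipaddress.ip_network(entry[field])
            nets[net.version].add(net)
    # collapse_addresses merges adjacent blocks and drops contained ones
    v4 = [str(n) for n in ipaddress.collapse_addresses(nets[4])]
    v6 = [str(n) for n in ipaddress.collapse_addresses(nets[6])]
    return v4, v6


if __name__ == "__main__":
    v4, v6 = select_prefixes(SAMPLE, service="S3", region_pattern=r"eu-west.*")
    print("\n".join(v4 + v6))
```

To use it with live data, pass the ip_ranges dictionary loaded by the script above instead of SAMPLE.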
Additional information