I have AWS infrastructure running over AWS ELB (Classic Load Balancer) and EC2.

I need to know the IP range for the AWS ELB in EU (Ireland), Knexusplatform-Live-SaaS-IR-1436765642.eu-west-1.elb.amazonaws.com. What will the ELB IP range be for whitelisting?

I learned from a blog that the nslookup and dig commands can find the IPs associated with an ELB, using the script below:

# IP addresses assigned to the ELB
nslookup Knexusplatform-Live-SaaS-IR-1436765642.eu-west-1.elb.amazonaws.com \
| grep Address | grep 'Address: ' | awk '{ print $2}'
# Output:
176.34.119.175
54.247.161.83

Now I am confused by the questions below:

  1. Will the IPs assigned to the ELB (176.34.119.175, 54.247.161.83) change?
  2. If the IPs change, will the new IPs be in the same CIDR range?
  3. If yes to the 2nd question, is there any Linux tool which can find the CIDR for an IP?

As per this URL https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html, I found, with the bash script below, a total of 81 IP ranges:

# Download the published AWS IP address ranges
wget https://ip-ranges.amazonaws.com/ip-ranges.json -O /tmp/ip-ranges.json

#EU-WEST IP Range
jq -r '.prefixes[] | select(.region=="eu-west-1" and .service=="AMAZON").ip_prefix' \
< /tmp/ip-ranges.json

Ron Maupin
Ramratan Gupta
  • Unfortunately, questions about host/server configurations are off-topic here. You could try to ask this question on [sf] for a business network, or on [su] for a personal network. – Ron Maupin Aug 30 '18 at 13:33
  • I did not have that idea; the question has things related to IP and CIDR, but the solution turned out to be server related. I got the solution, what should I do now? Can I move this to the other site with the answer? – Ramratan Gupta Aug 31 '18 at 06:16
  • The three questions all relate to what the server OS does or can do. The third question is completely off-topic for SE sites, except [softwarerecs.se]. As far as subnetting, CIDR, and other IPv4 related things, we already have the excellent answer to this question. – Ron Maupin Aug 31 '18 at 14:34

1 Answer

The answer depends on the kind of ELB you are using. If you use an Application Load Balancer, then it can change the underlying IPs at any time. If you use a Network Load Balancer, then you can use static IPs. And apparently it is now possible to chain the two to get the best of both worlds.

So with an ALB, the answer to your first question is "yes, possibly", the second one "not necessarily", and the third is "yes, with ipcalc for example".

If at all possible, I would really suggest you move from IP white-listing to domain-name filtering on your firewall (or go through an HTTP proxy).

Jeremy Gibbons
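
For questions 2 and 3, the containing CIDR can also be looked up in ip-ranges.json itself, and a firewall allow-list can be compared with what the ELB name currently resolves to. This is an added example, not part of the original answer; the function names, the EC2 sample entry and the address 176.34.200.1 are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the ip-ranges.json layout, cut down to a few
# eu-west-1 entries. A real run would json.load() the downloaded file.
SAMPLE_IP_RANGES = json.loads("""
{"prefixes": [
  {"ip_prefix": "54.247.0.0/16",   "region": "eu-west-1", "service": "AMAZON"},
  {"ip_prefix": "176.34.64.0/18",  "region": "eu-west-1", "service": "AMAZON"},
  {"ip_prefix": "176.34.64.0/18",  "region": "eu-west-1", "service": "EC2"},
  {"ip_prefix": "176.34.128.0/17", "region": "eu-west-1", "service": "AMAZON"}
]}
""")


def containing_prefixes(ip, ranges, region=None):
    """Published IPv4 prefixes that contain ip, most specific first."""
    addr = ipaddress.ip_address(ip)
    hits = {}  # network -> set of service tags listing that prefix
    for entry in ranges["prefixes"]:
        if region and entry["region"] != region:
            continue
        net = ipaddress.ip_network(entry["ip_prefix"])
        if addr in net:
            hits.setdefault(net, set()).add(entry["service"])
    ordered = sorted(hits, key=lambda n: n.prefixlen, reverse=True)
    return [(str(n), sorted(hits[n])) for n in ordered]


def allowlist_drift(allowlisted, resolved):
    """Diff a firewall allow-list against what the ELB name resolves to now."""
    allow = {ipaddress.ip_address(a) for a in allowlisted}
    now = {ipaddress.ip_address(a) for a in resolved}
    return {
        "stale": [str(a) for a in sorted(allow - now)],    # allowed, no longer served
        "missing": [str(a) for a in sorted(now - allow)],  # served, not yet allowed
    }


if __name__ == "__main__":
    for ip in ("176.34.119.175", "54.247.161.83"):  # the two IPs from the question
        print(ip, containing_prefixes(ip, SAMPLE_IP_RANGES, "eu-west-1"))
    # 176.34.200.1 is a constructed "new" address to show a changed record set.
    print(allowlist_drift(["176.34.119.175", "54.247.161.83"],
                          ["54.247.161.83", "176.34.200.1"]))
```

A non-empty "missing" list is the signal that the load balancer has moved to addresses the firewall does not yet allow.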