aws_service_ip_ranges – Look up the IP ranges for services provided in AWS such as EC2 and S3

New in version 2.5.

Synopsis

  • AWS publishes IP ranges used on the public internet by EC2, S3, CloudFront, CodeBuild, Route53, and Route53 Health Checking.
  • This module produces a list of all the ranges (by default) or can narrow down the list to the specified region or service.

Requirements

The below requirements are needed on the local master node that executes this lookup.

  • must have public internet connectivity

Parameters

Parameter Choices/Defaults Configuration Comments
region
-
The AWS region to narrow the ranges to. Examples: us-east-1, eu-west-2, ap-southeast-1
service
-
The service to filter ranges by. Options: EC2, S3, CLOUDFRONT, CODEbUILD, ROUTE53, ROUTE53_HEALTHCHECKS

Examples

vars:
  ec2_ranges: "{{ lookup('aws_service_ip_ranges', region='ap-southeast-2', service='EC2', wantlist=True) }}"
tasks:

- name: "use list return option and iterate as a loop"
  debug: msg="{% for cidr in ec2_ranges %}{{ cidr }} {% endfor %}"
# "52.62.0.0/15 52.64.0.0/17 52.64.128.0/17 52.65.0.0/16 52.95.241.0/24 52.95.255.16/28 54.66.0.0/16 "

- name: "Pull S3 IP ranges, and print the default return style"
  debug: msg="{{ lookup('aws_service_ip_ranges', region='us-east-1', service='S3') }}"
# "52.92.16.0/20,52.216.0.0/15,54.231.0.0/17"

Return Values

Common return values are documented here, the following are the fields unique to this lookup:

Key Returned Description
_raw
-
comma-separated list of CIDR ranges



Status

Authors

Hint

If you notice any issues in this documentation, you can edit this document to improve it.

Hint

Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/plugins/lookup/aws_service_ip_ranges.html