
What is the CIDR of ds.us-east-1.amazonaws.com

I am attempting to join a VM to a domain using an SSM document containing the aws:domainJoin command. My outbound security group is closed to the internet and there is no VPC endpoint for Active Directory. The AWS endpoint is ds.us-east-2.amazonaws.com and I can see in the logs:

Domain Join failed, ... A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 52.95.18.130:443

on another attempt I see:

Domain Join failed, ... A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 52.95.16.150:443

The question is, what is the IP address range that supports the various endpoints such as ds.us-east-2.amazonaws.com?

No simple answer here, unfortunately. There are multiple superblocks and also a number of smaller allocations for the us-east-2 region. The good news is that you can download a JSON file that contains all the AWS IP blocks and get the ones that you're looking for: https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html

jlo-gmail: I found a CIDR block in that file that matches. Unfortunately, the service is listed as AMAZON (506 entries). So I got the idea to create a prefix list using the 506 AMAZON entries, but hit the 100-item limit. Is there an AWS-owned prefix list that encompasses the set of CIDRs? I cannot find one.

t3ln3t: Likely no. Many blocks are not contiguous.

Oscar De León: But are you running the AWS managed AD? Doesn't it have ENIs in your VPC's subnets? Why not use those? Or, if you're using your own AD, have you considered using AD Connector? It will have ENIs in your VPC and you can connect to those.

jlo-gmail: Per the docs, the aws:domainJoin command must have access to ds.*.amazonaws.com. This appears to be the case even when that command is provided my AD's DNS AND the VM can join the AD manually.
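The steps the answer and jlo-gmail's follow-up comment describe (download ip-ranges.json, find the entry that covers the IP from the error, pull the AMAZON entries for the region, and see whether they fit a prefix list) can be scripted. The block below is an added example written for this page; it is not code from the original post, from the answerer, or from AWS. The JSON it parses is a constructed sample in the shape of the real file: the CIDRs in it are made up for the example and are not AWS's actual allocations (they were chosen so that the two addresses from the asker's logs land in the first prefix). For real use, download the current file and pass its text to parse_ip_ranges().

```python
"""Filter ip-ranges.json for one region/service, find the entry that covers an
observed IP, and check whether the result fits a managed prefix list."""
import ipaddress
import json

# Constructed sample in the shape of the real file
# (https://ip-ranges.amazonaws.com/ip-ranges.json). These prefixes are made up
# for the example and are NOT AWS's real allocations; they were chosen so that
# the two IPs from the asker's logs fall inside the first one.
SAMPLE_IP_RANGES_JSON = json.dumps({
    "syncToken": "0",
    "createDate": "2024-01-01-00-00-00",
    "prefixes": [
        {"ip_prefix": "52.95.16.0/21", "region": "us-east-2",
         "service": "AMAZON", "network_border_group": "us-east-2"},
        {"ip_prefix": "52.95.24.0/22", "region": "us-east-2",
         "service": "AMAZON", "network_border_group": "us-east-2"},
        {"ip_prefix": "52.95.28.0/22", "region": "us-east-2",
         "service": "AMAZON", "network_border_group": "us-east-2"},
        {"ip_prefix": "3.16.0.0/14", "region": "us-east-2",
         "service": "EC2", "network_border_group": "us-east-2"},
        {"ip_prefix": "52.94.0.0/22", "region": "us-east-1",
         "service": "AMAZON", "network_border_group": "us-east-1"},
    ],
    "ipv6_prefixes": [],
})


def parse_ip_ranges(text):
    """Return the IPv4 prefix entries (a list of dicts) from an ip-ranges.json document."""
    return json.loads(text)["prefixes"]


def entries_covering(entries, ip):
    """Entries whose CIDR contains ip: the lookup the asker did by hand for the
    addresses in the 'connected host has failed to respond' errors."""
    addr = ipaddress.ip_address(ip)
    return [e for e in entries if addr in ipaddress.ip_network(e["ip_prefix"])]


def select_prefixes(entries, region=None, service=None):
    """Filter by region and/or service and return deduplicated ip_network objects.
    The same CIDR can be listed under several services (e.g. AMAZON and EC2),
    so a rule set built from the raw entries would carry duplicates."""
    chosen = []
    for e in entries:
        if region is not None and e["region"] != region:
            continue
        if service is not None and e["service"] != service:
            continue
        net = ipaddress.ip_network(e["ip_prefix"])
        if net not in chosen:
            chosen.append(net)
    return chosen


def collapse(networks):
    """Merge adjacent and overlapping CIDRs into the smallest equivalent set.
    This reduction keeps the allow-list exact; it helps with neighbouring
    blocks but cannot shrink a list of non-contiguous ranges."""
    return sorted(ipaddress.collapse_addresses(networks))


def fits_prefix_list(networks, max_entries=100):
    """True if the collapsed set fits a prefix list with max_entries entries
    (100 is the limit the asker reported hitting)."""
    return len(collapse(networks)) <= max_entries


if __name__ == "__main__":
    entries = parse_ip_ranges(SAMPLE_IP_RANGES_JSON)
    for ip in ("52.95.18.130", "52.95.16.150"):  # IPs from the failed domain joins
        for e in entries_covering(entries, ip):
            print(f"{ip} is in {e['ip_prefix']} ({e['region']}, {e['service']})")
    amazon = select_prefixes(entries, region="us-east-2", service="AMAZON")
    merged = collapse(amazon)
    print(f"{len(amazon)} AMAZON prefixes -> {len(merged)} after collapsing: "
          f"{[str(n) for n in merged]}")
    print("fits a 100-entry prefix list:", fits_prefix_list(amazon))
```

Against the sample, the three AMAZON blocks for us-east-2 are adjacent and collapse to a single /20, so they fit comfortably; against the real file, collapsing buys much less, because, as t3ln3t notes, most of the region's blocks are not contiguous. Whatever you derive from the file is also only as current as the download it came from, so re-run the script against a fresh copy before relying on the resulting rules.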