Limiting outbound traffic to AWS Management Console or other Amazon consoles

Cat Mucius

4/13/24, 9:25 PM

I've a network whose outbound traffic is strictly limited to a whitelist of sites or domains. I searched and couldn't find any documentation about how could I allow stations on this network to use AWS Management Console without allowing any arbitrary outgoing connections.

Is there any minimal list of hostnames, domains or IP ranges - similar to https://learn.microsoft.com/en-us/azure/azure-portal/azure-portal-safelist-urls - that I'd whitelist for this purpose?

Thanks!

1 + 0

security

firewall

traffic-management

whitelist

amazon-web-services

Score:1

Server

Zac Anger

4/13/24, 10:39 PM

This is the list of AWS IP ranges which can be filtered by region.

As for domains, you're going to have a tough time whitelisting everything, unless you use a very restricted set of services. Example:

console.aws.amazon.com
[your region].console.aws.amazon.com
signin.aws.amazon.com
support.aws.amazon.com
s3.console.aws.amazon.com
aws.amazon.com
docs.aws.amazon.com
forums.aws.amazon.com
status.aws.amazon.com
aws-portal.amazon.com
... etc ...

You would need a zone transfer to actually get a full list of subdomains, something like dig @server.com zone.com axfr — but this also would be brittle, if AWS's DNS servers even allow it (they probably don't).

+ 1

Cat Mucius

4/14/24, 9:32 AM

Zac, thanks for the info, the problem is, though, that I'm looking for a way to open access to AWS native services, like the Console - while avoiding opening it to services of AWS tenants, which, as I understand, might be placed in the same ranges or under the same domains as AWS own ones.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Limiting outbound traffic to AWS Management Console or other Amazon consoles

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.