Limiting outbound traffic to AWS Management Console or other Amazon consoles


I've a network whose outbound traffic is strictly limited to a whitelist of sites or domains. I searched and couldn't find any documentation about how I could allow stations on this network to use AWS Management Console without allowing any arbitrary outgoing connections.

Is there any minimal list of hostnames, domains or IP ranges - similar to - that I'd whitelist for this purpose?



This is the list of AWS IP ranges which can be filtered by region.

As for domains, you're going to have a tough time whitelisting everything, unless you use a very restricted set of services. Example:
[your region]
... etc ...

You would need a zone transfer to actually get a full list of subdomains, something like dig axfr — but this also would be brittle, if AWS's DNS servers even allow it (they probably don't).

Cat Mucius
Zac, thanks for the info. The problem, though, is that I'm looking for a way to open access to AWS native services, like the Console, while avoiding opening it to services of AWS tenants, which, as I understand, might be placed in the same ranges or under the same domains as AWS's own ones.
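An added example, not code from any of the posts above: building an egress allowlist from the published AWS IP range list by filtering on region, then carving out the prefixes tagged for a tenant-facing service such as EC2. The function names and the sample data are constructed for illustration, and it assumes the JSON layout of AWS's `ip-ranges.json` (`prefixes` entries with `ip_prefix`, `region`, `service`). Excluding EC2 narrows the list but does not separate out every tenant-hosted endpoint.

```python
import ipaddress
import json

# Constructed sample in the layout of AWS's published ip-ranges.json.
# Addresses are documentation-reserved ranges, not real AWS prefixes.
SAMPLE = json.loads("""
{"prefixes": [
  {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "AMAZON"},
  {"ip_prefix": "198.51.100.0/25", "region": "us-east-1", "service": "EC2"},
  {"ip_prefix": "203.0.113.0/24",  "region": "eu-west-1", "service": "AMAZON"},
  {"ip_prefix": "192.0.2.0/24",    "region": "GLOBAL",    "service": "AMAZON"},
  {"ip_prefix": "192.0.2.0/24",    "region": "GLOBAL",    "service": "CLOUDFRONT"}
]}
""")


def subtract(nets, holes):
    """Return nets with every address covered by holes removed."""
    for hole in holes:
        kept = []
        for net in nets:
            if hole.supernet_of(net):    # fully covered (or equal): drop it
                continue
            if net.supernet_of(hole):    # partly covered: split around the hole
                kept.extend(net.address_exclude(hole))
            else:                        # disjoint: keep unchanged
                kept.append(net)
        nets = kept
    return list(ipaddress.collapse_addresses(nets))


def egress_allowlist(doc, regions, exclude=("EC2",)):
    """AMAZON prefixes in the given regions, minus excluded services' prefixes."""
    rows = [p for p in doc["prefixes"] if p["region"] in regions]
    base = [ipaddress.ip_network(p["ip_prefix"])
            for p in rows if p["service"] == "AMAZON"]
    holes = [ipaddress.ip_network(p["ip_prefix"])
             for p in rows if p["service"] in exclude]
    return [str(n) for n in subtract(base, holes)]


if __name__ == "__main__":
    for cidr in egress_allowlist(SAMPLE, {"us-east-1", "GLOBAL"}):
        print(cidr)
```

The published list changes over time, so a firewall fed from it needs to be regenerated whenever the file is updated.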