Hey everyone! I'm looking to allow inbound traffic from AWS to our local ERP server, but I need to find the official AWS IP ranges to do this securely. I already know how to set up the inbound forwarding rule on our router firewall, but I was wondering if there's a specific AWS Knowledge Article that lists the "from" IP ranges I need to use. I also suspect that using a FQDN like *.eu-central-1.compute.amazonaws.com won't work in the FROM field of our router firewall. Any guidance would be much appreciated!
4 Answers
Creating a site-to-site VPN could be a more secure option so that your ERP server isn't directly exposed to the internet. Check out this link for more info on how to set it up: https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html.
You can find the AWS IP ranges here: https://docs.aws.amazon.com/vpc/latest/userguide/aws-ip-ranges.html. Just make sure to parse the list to get the specific ones you need for your region, especially if you're focused on EU Central. It’s a good idea to subscribe to the SNS topic AWS has for IP range changes, so you get notified whenever they update their IPs.
Using Elastic IPs on your EC2 instance might be a straightforward way to manage access instead of going down the NAT route. It’s less complicated and keeps things neat on your firewall policies.
If you limit access to *.eu-central, be aware that it opens up your ERP server to anyone using AWS in that region. Instead, consider placing your EC2 in a private subnet and using a NAT gateway with an Elastic IP. This way, you can control access more tightly by whitelisting that Elastic IP in your firewall.
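The two points above (parsing the published range list down to your region, and seeing how broad a whole-region allow rule really is compared to a single Elastic IP) can be checked with a short script. This is an added example for the thread, not AWS code and not from any of the answers. It uses a constructed JSON document that follows the schema of the real feed (`prefixes` entries with `ip_prefix`, `region`, `service`, `network_border_group`); the prefixes themselves are documentation addresses, not real AWS ranges. The rule text emitted by `firewall_rules` is illustrative, since the exact syntax depends on the router.

```python
"""Filter an AWS ip-ranges.json document to one region/service and size the result.

Added example for this thread (not AWS code). The JSON below is a CONSTRUCTED
sample in the shape of https://ip-ranges.amazonaws.com/ip-ranges.json; the
prefixes are RFC 5737 documentation addresses, not real AWS ranges.
"""
import ipaddress
import json

SAMPLE_IP_RANGES_JSON = """
{
  "syncToken": "0000000000",
  "createDate": "2024-01-01-00-00-00",
  "prefixes": [
    {"ip_prefix": "198.51.100.0/24",  "region": "eu-central-1", "service": "EC2",    "network_border_group": "eu-central-1"},
    {"ip_prefix": "198.51.100.0/23",  "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1"},
    {"ip_prefix": "203.0.113.0/25",   "region": "eu-central-1", "service": "EC2",    "network_border_group": "eu-central-1"},
    {"ip_prefix": "203.0.113.128/25", "region": "eu-central-1", "service": "EC2",    "network_border_group": "eu-central-1"},
    {"ip_prefix": "192.0.2.0/24",     "region": "us-east-1",    "service": "EC2",    "network_border_group": "us-east-1"},
    {"ip_prefix": "192.0.2.0/24",     "region": "eu-central-1", "service": "S3",     "network_border_group": "eu-central-1"}
  ],
  "ipv6_prefixes": []
}
"""


def region_prefixes(doc: dict, region: str, service: str = "EC2") -> list:
    """Return the collapsed IPv4 networks for one region and service.

    "EC2" is used rather than "AMAZON" because the AMAZON entries are the
    superset of every service and would widen the rule far beyond instances.
    Adjacent or nested prefixes are merged so the firewall gets fewer rules.
    """
    nets = [
        ipaddress.ip_network(p["ip_prefix"])
        for p in doc["prefixes"]
        if p["region"] == region and p["service"] == service
    ]
    return list(ipaddress.collapse_addresses(nets))


def address_count(nets: list) -> int:
    """Total number of source addresses a rule set would admit."""
    return sum(n.num_addresses for n in nets)


def firewall_rules(nets: list, dst_port: int) -> list:
    """Illustrative rule lines (syntax is router-specific; this is a placeholder format)."""
    return [f"allow from {n} to ERP tcp/{dst_port}" for n in nets]


def is_covered(addr: str, nets: list) -> bool:
    """Would a connection from `addr` be admitted by the rule set?"""
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in nets)


def load_ranges(text: str = SAMPLE_IP_RANGES_JSON) -> dict:
    """Parse the feed. In production, pass the body fetched from the published URL."""
    return json.loads(text)


if __name__ == "__main__":
    doc = load_ranges()
    region_nets = region_prefixes(doc, "eu-central-1")
    single_eip = [ipaddress.ip_network("203.0.113.77/32")]  # constructed Elastic IP

    for line in firewall_rules(region_nets, 8443):
        print(line)
    print("whole-region rule admits", address_count(region_nets), "source addresses")
    print("single Elastic IP rule admits", address_count(single_eip), "source address")
```

Re-run the script against a freshly downloaded feed whenever the SNS notification mentioned above fires; a region's EC2 prefixes change, and a stale allow list either blocks your own instance or, worse, is never revisited. Comparing `address_count` for the region set against a single `/32` makes the trade-off in the last answer concrete: the regional rule admits every EC2 tenant in that region, the Elastic IP rule admits one host you control.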