Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi Cloud Packages Tutorials
  1. Packages
  2. AWS
  3. API Docs
  4. getIpRanges
AWS v6.77.0 published on Wednesday, Apr 9, 2025 by Pulumi
pulumi/pulumi-aws

aws.getIpRanges

Explore with Pulumi AI

AWS v6.77.0 published on Wednesday, Apr 9, 2025 by Pulumi
pulumi/pulumi-aws

Use this data source to get the IP ranges of various AWS products and services. For more information about the contents of this data source and required JSON syntax if referencing a custom URL, see the AWS IP Address Ranges documentation.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const europeanEc2 = aws.getIpRanges({
    regions: [
        "eu-west-1",
        "eu-central-1",
    ],
    services: ["ec2"],
});
const fromEurope = new aws.ec2.SecurityGroup("from_europe", {
    name: "from_europe",
    ingress: [{
        fromPort: 443,
        toPort: 443,
        protocol: "tcp",
        cidrBlocks: europeanEc2.then(europeanEc2 => europeanEc2.cidrBlocks),
        ipv6CidrBlocks: europeanEc2.then(europeanEc2 => europeanEc2.ipv6CidrBlocks),
    }],
    tags: {
        CreateDate: europeanEc2.then(europeanEc2 => europeanEc2.createDate),
        SyncToken: europeanEc2.then(europeanEc2 => europeanEc2.syncToken),
    },
});
Copy
import pulumi
import pulumi_aws as aws

european_ec2 = aws.get_ip_ranges(regions=[
        "eu-west-1",
        "eu-central-1",
    ],
    services=["ec2"])
from_europe = aws.ec2.SecurityGroup("from_europe",
    name="from_europe",
    ingress=[{
        "from_port": 443,
        "to_port": 443,
        "protocol": "tcp",
        "cidr_blocks": european_ec2.cidr_blocks,
        "ipv6_cidr_blocks": european_ec2.ipv6_cidr_blocks,
    }],
    tags={
        "CreateDate": european_ec2.create_date,
        "SyncToken": european_ec2.sync_token,
    })
Copy
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		europeanEc2, err := aws.GetIpRanges(ctx, &aws.GetIpRangesArgs{
			Regions: []string{
				"eu-west-1",
				"eu-central-1",
			},
			Services: []string{
				"ec2",
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = ec2.NewSecurityGroup(ctx, "from_europe", &ec2.SecurityGroupArgs{
			Name: pulumi.String("from_europe"),
			Ingress: ec2.SecurityGroupIngressArray{
				&ec2.SecurityGroupIngressArgs{
					FromPort:       pulumi.Int(443),
					ToPort:         pulumi.Int(443),
					Protocol:       pulumi.String("tcp"),
					CidrBlocks:     interface{}(europeanEc2.CidrBlocks),
					Ipv6CidrBlocks: interface{}(europeanEc2.Ipv6CidrBlocks),
				},
			},
			Tags: pulumi.StringMap{
				"CreateDate": pulumi.String(europeanEc2.CreateDate),
				"SyncToken":  pulumi.Int(europeanEc2.SyncToken),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var europeanEc2 = Aws.GetIpRanges.Invoke(new()
    {
        Regions = new[]
        {
            "eu-west-1",
            "eu-central-1",
        },
        Services = new[]
        {
            "ec2",
        },
    });

    var fromEurope = new Aws.Ec2.SecurityGroup("from_europe", new()
    {
        Name = "from_europe",
        Ingress = new[]
        {
            new Aws.Ec2.Inputs.SecurityGroupIngressArgs
            {
                FromPort = 443,
                ToPort = 443,
                Protocol = "tcp",
                CidrBlocks = europeanEc2.Apply(getIpRangesResult => getIpRangesResult.CidrBlocks),
                Ipv6CidrBlocks = europeanEc2.Apply(getIpRangesResult => getIpRangesResult.Ipv6CidrBlocks),
            },
        },
        Tags = 
        {
            { "CreateDate", europeanEc2.Apply(getIpRangesResult => getIpRangesResult.CreateDate) },
            { "SyncToken", europeanEc2.Apply(getIpRangesResult => getIpRangesResult.SyncToken) },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.inputs.GetIpRangesArgs;
import com.pulumi.aws.ec2.SecurityGroup;
import com.pulumi.aws.ec2.SecurityGroupArgs;
import com.pulumi.aws.ec2.inputs.SecurityGroupIngressArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var europeanEc2 = AwsFunctions.getIpRanges(GetIpRangesArgs.builder()
            .regions(            
                "eu-west-1",
                "eu-central-1")
            .services("ec2")
            .build());

        var fromEurope = new SecurityGroup("fromEurope", SecurityGroupArgs.builder()
            .name("from_europe")
            .ingress(SecurityGroupIngressArgs.builder()
                .fromPort(443)
                .toPort(443)
                .protocol("tcp")
                .cidrBlocks(europeanEc2.cidrBlocks())
                .ipv6CidrBlocks(europeanEc2.ipv6CidrBlocks())
                .build())
            .tags(Map.ofEntries(
                Map.entry("CreateDate", europeanEc2.createDate()),
                Map.entry("SyncToken", europeanEc2.syncToken())
            ))
            .build());

    }
}
Copy
resources:
  fromEurope:
    type: aws:ec2:SecurityGroup
    name: from_europe
    properties:
      name: from_europe
      ingress:
        - fromPort: '443'
          toPort: '443'
          protocol: tcp
          cidrBlocks: ${europeanEc2.cidrBlocks}
          ipv6CidrBlocks: ${europeanEc2.ipv6CidrBlocks}
      tags:
        CreateDate: ${europeanEc2.createDate}
        SyncToken: ${europeanEc2.syncToken}
variables:
  europeanEc2:
    fn::invoke:
      function: aws:getIpRanges
      arguments:
        regions:
          - eu-west-1
          - eu-central-1
        services:
          - ec2
Copy

Using getIpRanges

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getIpRanges(args: GetIpRangesArgs, opts?: InvokeOptions): Promise<GetIpRangesResult>
function getIpRangesOutput(args: GetIpRangesOutputArgs, opts?: InvokeOptions): Output<GetIpRangesResult>
Copy
def get_ip_ranges(id: Optional[str] = None,
                  regions: Optional[Sequence[str]] = None,
                  services: Optional[Sequence[str]] = None,
                  url: Optional[str] = None,
                  opts: Optional[InvokeOptions] = None) -> GetIpRangesResult
def get_ip_ranges_output(id: Optional[pulumi.Input[str]] = None,
                  regions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  services: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  url: Optional[pulumi.Input[str]] = None,
                  opts: Optional[InvokeOptions] = None) -> Output[GetIpRangesResult]
Copy
func GetIpRanges(ctx *Context, args *GetIpRangesArgs, opts ...InvokeOption) (*GetIpRangesResult, error)
func GetIpRangesOutput(ctx *Context, args *GetIpRangesOutputArgs, opts ...InvokeOption) GetIpRangesResultOutput
Copy

> Note: This function is named GetIpRanges in the Go SDK.

public static class GetIpRanges 
{
    public static Task<GetIpRangesResult> InvokeAsync(GetIpRangesArgs args, InvokeOptions? opts = null)
    public static Output<GetIpRangesResult> Invoke(GetIpRangesInvokeArgs args, InvokeOptions? opts = null)
}
Copy
public static CompletableFuture<GetIpRangesResult> getIpRanges(GetIpRangesArgs args, InvokeOptions options)
public static Output<GetIpRangesResult> getIpRanges(GetIpRangesArgs args, InvokeOptions options)
Copy
fn::invoke:
  function: aws:index/getIpRanges:getIpRanges
  arguments:
    # arguments dictionary
Copy

The following arguments are supported:

Services This property is required. List<string>

Filter IP ranges by services. Valid items are amazon (for amazon.com), amazon_connect, api_gateway, cloud9, cloudfront, codebuild, dynamodb, ec2, ec2_instance_connect, globalaccelerator, route53, route53_healthchecks, s3 and workspaces_gateways. See the [service attribute][2] documentation for other possible values.

NOTE: If the specified combination of regions and services does not yield any CIDR blocks, this call will fail.

Id string
Regions List<string>
Filter IP ranges by regions (or include all regions, if omitted). Valid items are global (for cloudfront) as well as all AWS regions (e.g., eu-central-1)
Url string
Custom URL for source JSON file. Syntax must match AWS IP Address Ranges documentation. Defaults to https://ip-ranges.amazonaws.com/ip-ranges.json.
Services This property is required. []string

Filter IP ranges by services. Valid items are amazon (for amazon.com), amazon_connect, api_gateway, cloud9, cloudfront, codebuild, dynamodb, ec2, ec2_instance_connect, globalaccelerator, route53, route53_healthchecks, s3 and workspaces_gateways. See the [service attribute][2] documentation for other possible values.

NOTE: If the specified combination of regions and services does not yield any CIDR blocks, this call will fail.

Id string
Regions []string
Filter IP ranges by regions (or include all regions, if omitted). Valid items are global (for cloudfront) as well as all AWS regions (e.g., eu-central-1)
Url string
Custom URL for source JSON file. Syntax must match AWS IP Address Ranges documentation. Defaults to https://ip-ranges.amazonaws.com/ip-ranges.json.
services This property is required. List<String>

Filter IP ranges by services. Valid items are amazon (for amazon.com), amazon_connect, api_gateway, cloud9, cloudfront, codebuild, dynamodb, ec2, ec2_instance_connect, globalaccelerator, route53, route53_healthchecks, s3 and workspaces_gateways. See the [service attribute][2] documentation for other possible values.

NOTE: If the specified combination of regions and services does not yield any CIDR blocks, this call will fail.

id String
regions List<String>
Filter IP ranges by regions (or include all regions, if omitted). Valid items are global (for cloudfront) as well as all AWS regions (e.g., eu-central-1)
url String
Custom URL for source JSON file. Syntax must match AWS IP Address Ranges documentation. Defaults to https://ip-ranges.amazonaws.com/ip-ranges.json.
services This property is required. string[]

Filter IP ranges by services. Valid items are amazon (for amazon.com), amazon_connect, api_gateway, cloud9, cloudfront, codebuild, dynamodb, ec2, ec2_instance_connect, globalaccelerator, route53, route53_healthchecks, s3 and workspaces_gateways. See the [service attribute][2] documentation for other possible values.

NOTE: If the specified combination of regions and services does not yield any CIDR blocks, this call will fail.

id string
regions string[]
Filter IP ranges by regions (or include all regions, if omitted). Valid items are global (for cloudfront) as well as all AWS regions (e.g., eu-central-1)
url string
Custom URL for source JSON file. Syntax must match AWS IP Address Ranges documentation. Defaults to https://ip-ranges.amazonaws.com/ip-ranges.json.
services This property is required. Sequence[str]

Filter IP ranges by services. Valid items are amazon (for amazon.com), amazon_connect, api_gateway, cloud9, cloudfront, codebuild, dynamodb, ec2, ec2_instance_connect, globalaccelerator, route53, route53_healthchecks, s3 and workspaces_gateways. See the [service attribute][2] documentation for other possible values.

NOTE: If the specified combination of regions and services does not yield any CIDR blocks, this call will fail.

id str
regions Sequence[str]
Filter IP ranges by regions (or include all regions, if omitted). Valid items are global (for cloudfront) as well as all AWS regions (e.g., eu-central-1)
url str
Custom URL for source JSON file. Syntax must match AWS IP Address Ranges documentation. Defaults to https://ip-ranges.amazonaws.com/ip-ranges.json.
services This property is required. List<String>

Filter IP ranges by services. Valid items are amazon (for amazon.com), amazon_connect, api_gateway, cloud9, cloudfront, codebuild, dynamodb, ec2, ec2_instance_connect, globalaccelerator, route53, route53_healthchecks, s3 and workspaces_gateways. See the [service attribute][2] documentation for other possible values.

NOTE: If the specified combination of regions and services does not yield any CIDR blocks, this call will fail.

id String
regions List<String>
Filter IP ranges by regions (or include all regions, if omitted). Valid items are global (for cloudfront) as well as all AWS regions (e.g., eu-central-1)
url String
Custom URL for source JSON file. Syntax must match AWS IP Address Ranges documentation. Defaults to https://ip-ranges.amazonaws.com/ip-ranges.json.

getIpRanges Result

The following output properties are available:

CidrBlocks List<string>
Lexically ordered list of CIDR blocks.
CreateDate string
Publication time of the IP ranges (e.g., 2016-08-03-23-46-05).
Id string
Ipv6CidrBlocks List<string>
Lexically ordered list of IPv6 CIDR blocks.
Services List<string>
SyncToken int
Publication time of the IP ranges, in Unix epoch time format (e.g., 1470267965).
Regions List<string>
Url string
CidrBlocks []string
Lexically ordered list of CIDR blocks.
CreateDate string
Publication time of the IP ranges (e.g., 2016-08-03-23-46-05).
Id string
Ipv6CidrBlocks []string
Lexically ordered list of IPv6 CIDR blocks.
Services []string
SyncToken int
Publication time of the IP ranges, in Unix epoch time format (e.g., 1470267965).
Regions []string
Url string
cidrBlocks List<String>
Lexically ordered list of CIDR blocks.
createDate String
Publication time of the IP ranges (e.g., 2016-08-03-23-46-05).
id String
ipv6CidrBlocks List<String>
Lexically ordered list of IPv6 CIDR blocks.
services List<String>
syncToken Integer
Publication time of the IP ranges, in Unix epoch time format (e.g., 1470267965).
regions List<String>
url String
cidrBlocks string[]
Lexically ordered list of CIDR blocks.
createDate string
Publication time of the IP ranges (e.g., 2016-08-03-23-46-05).
id string
ipv6CidrBlocks string[]
Lexically ordered list of IPv6 CIDR blocks.
services string[]
syncToken number
Publication time of the IP ranges, in Unix epoch time format (e.g., 1470267965).
regions string[]
url string
cidr_blocks Sequence[str]
Lexically ordered list of CIDR blocks.
create_date str
Publication time of the IP ranges (e.g., 2016-08-03-23-46-05).
id str
ipv6_cidr_blocks Sequence[str]
Lexically ordered list of IPv6 CIDR blocks.
services Sequence[str]
sync_token int
Publication time of the IP ranges, in Unix epoch time format (e.g., 1470267965).
regions Sequence[str]
url str
cidrBlocks List<String>
Lexically ordered list of CIDR blocks.
createDate String
Publication time of the IP ranges (e.g., 2016-08-03-23-46-05).
id String
ipv6CidrBlocks List<String>
Lexically ordered list of IPv6 CIDR blocks.
services List<String>
syncToken Number
Publication time of the IP ranges, in Unix epoch time format (e.g., 1470267965).
regions List<String>
url String

Package Details

Repository
AWS Classic pulumi/pulumi-aws
License
Apache-2.0
Notes
This Pulumi package is based on the aws Terraform Provider.
AWS v6.77.0 published on Wednesday, Apr 9, 2025 by Pulumi
pulumi/pulumi-aws