Amazon EC2 Network Subnets

For a project that exists both in Amazon Web Services EC2 US-EAST-1b and another cloud, I wanted to block network traffic between the two to ensure they didn’t affect each other. I started by doing a whois lookup via ARIN for all of the IP addresses we are currently assigned in EC2, and I ultimately got the same list that I found registered to the AMAZO-4 contact with ARIN, with the exception of AMAZON-AES, which I presume is for Amazon Enterprise Solutions. I couldn’t tell you offhand if the same IP blocks are used in other AWS zones.

Network         CIDR   Netmask           ARIN Name
72.44.32.0      /19    255.255.224.0     AMAZON-EC2-2
67.202.0.0      /18    255.255.192.0     AMAZON-EC2-3
75.101.128.0    /17    255.255.128.0     AMAZON-EC2-4
174.129.0.0     /16    255.255.0.0       AMAZON-EC2-5
204.236.128.0   /17    255.255.128.0     AMAZON-EC2-6
184.72.0.0      /15    255.254.0.0       AMAZON-EC2-7
50.16.0.0       /14    255.252.0.0       AMAZON-EC2-8

Here are the IOS commands:

name 72.44.32.0 EC2-2 description AMAZON-EC2-2
name 67.202.0.0 EC2-3 description AMAZON-EC2-3
name 75.101.128.0 EC2-4 description AMAZON-EC2-4
name 174.129.0.0 EC2-5 description AMAZON-EC2-5
name 204.236.128.0 EC2-6 description AMAZON-EC2-6
name 184.72.0.0 EC2-7 description AMAZON-EC2-7
name 50.16.0.0 EC2-8 description AMAZON-EC2-8
object-group network ec2-us-east
   network-object 174.129.0.0 255.255.0.0
   network-object 184.72.0.0 255.254.0.0
   network-object 204.236.128.0 255.255.128.0
   network-object 50.16.0.0 255.252.0.0
   network-object 67.202.0.0 255.255.192.0
   network-object 72.44.32.0 255.255.224.0
   network-object 75.101.128.0 255.255.128.0
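
As an added example (not part of the original post), this Python script cross-checks each row of the table above: it confirms that the dotted netmask matches the prefix length and that the network address has no host bits set, then renders the object-group lines and looks up which block an address falls in. The function names and the sample address are constructed for illustration, and the group is emitted in numeric order rather than the order shown in the post.

```python
import ipaddress

# Rows copied from the table in the post: network, prefix length, netmask, ARIN name.
ROWS = """\
72.44.32.0 /19 255.255.224.0 AMAZON-EC2-2
67.202.0.0 /18 255.255.192.0 AMAZON-EC2-3
75.101.128.0 /17 255.255.128.0 AMAZON-EC2-4
174.129.0.0 /16 255.255.0.0 AMAZON-EC2-5
204.236.128.0 /17 255.255.128.0 AMAZON-EC2-6
184.72.0.0 /15 255.254.0.0 AMAZON-EC2-7
50.16.0.0 /14 255.252.0.0 AMAZON-EC2-8
"""


def parse_rows(text):
    """Return [(IPv4Network, arin_name)], rejecting inconsistent rows."""
    nets = []
    for line in text.splitlines():
        if not line.strip():
            continue
        addr, prefix, mask, name = line.split()
        # strict=True raises ValueError if host bits are set (misaligned network).
        net = ipaddress.ip_network(addr + prefix, strict=True)
        if str(net.netmask) != mask:
            raise ValueError(f"{name}: {mask} does not match {prefix}")
        nets.append((net, name))
    return nets


def object_group(nets, group="ec2-us-east"):
    """Render an object-group like the one in the post, sorted numerically."""
    body = [f"   network-object {n.network_address} {n.netmask}"
            for n, _ in sorted(nets, key=lambda pair: pair[0])]
    return "\n".join([f"object-group network {group}"] + body)


def owner(ip, nets):
    """Return the ARIN name of the listed block containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    return next((name for net, name in nets if addr in net), None)


if __name__ == "__main__":
    nets = parse_rows(ROWS)
    print(object_group(nets))
    print(owner("184.73.10.20", nets))  # constructed sample address
```

A misaligned or mismatched row raises ValueError before any firewall line is generated, which catches transcription errors in a hand-maintained block list.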

4 thoughts on “Amazon EC2 Network Subnets”

  1. btm Post author

    Thanks guys. It’s interesting that in the forum post they include the AES block for US-EAST. Parts of the networks I listed above are subnetted out to regions other than US-EAST, so it is inclusive, but there are a couple networks specifically assigned to other regions.

    EU-WEST (RIPE):
    46.51.128.0/18 255.255.192.0
    46.51.192.0/20 255.255.240.0

    AP-SOUTHEAST (APNIC):
    175.41.128.0/18 255.255.192.0

  2. Yonatan Ryabinski

    <?php
    // The opening lines of this script were lost when the comment was posted.
    // $ipt (iptables path), $chain (chain name) and $xml (the parsed range list;
    // the variable name is assumed) must be defined before this point.
    $items = $xml->xpath('*');
    $rst = $ipt." -F ".$chain." -t mangle";
    exec($rst);

    // Anchored pattern: both addresses are interpolated into a shell command.
    $v4 = '/\A\d+\.\d+\.\d+\.\d+\z/';
    foreach($items as $item) {
        if (preg_match($v4,$item['startAddress']) && preg_match($v4,$item['endAddress'])) {
            $range = $item['startAddress']."-".$item['endAddress'];
            // Traffic to this range between 08:00 and 01:00 gets mark 7.
            $cmd = $ipt . " -A $chain -t mangle -m iprange --dst-range $range -m time --timestart 08:00 --timestop 01:00 -j MARK --set-mark 7 -m comment --comment \"AWS Day Time Queue\"";
            echo "Adding range $range to Day Time Queue\n";
            exec($cmd);
            // Traffic to this range between 01:00 and 08:00 gets mark 4.
            $cmd = $ipt . " -A $chain -t mangle -m iprange --dst-range $range -m time --timestart 01:00 --timestop 08:00 -j MARK --set-mark 4 -m comment --comment \"AWS Night Time Queue\"";
            echo "Adding range $range to Night Time Queue\n";
            exec($cmd);
        }
    }
    ?>
