Developer Interfaces

All public interfaces and classes are exposed under the main awsipranges package.

get_ranges()

awsipranges.get_ranges(cafile=None, capath=None)

Get the AWS IP address ranges from the published JSON document.

It is your responsibility to verify the TLS certificate presented by the server. By default, the Python urllib module (used by this function) verifies the TLS certificate presented by the server against the system-provided certificate datastore.

You can download the Amazon root CA certificates from the Amazon Trust Services repository.

The optional cafile and capath parameters may be used to specify a set of trusted CA certificates for the HTTPS request. cafile should point to a single file containing a bundle of CA certificates, whereas capath should point to a directory of certificate files with OpenSSL hash filenames. To verify the TLS certificate against Amazon root certificates, download the CA certificates (in PEM format) from Amazon Trust Services and provide the path to the certificate(s) using the cafile or capath parameters.

See the OpenSSL SSL_CTX_load_verify_locations documentation for details on the expected CAfile and CApath file formats.

Parameters:

  • cafile (optional Path) - path to a file of stacked (concatenated) CA certificates in PEM format

  • capath (optional Path) - path to a directory containing one or more certificates in PEM format using the OpenSSL subject-name-hash filenames

Returns:

The AWS IP address ranges in a AWSIPPrefixes collection.

AWSIPPrefixes

class awsipranges.AWSIPPrefixes(sync_token=None, create_date=None, ipv4_prefixes=None, ipv6_prefixes=None, md5=None)

A collection of AWS IP address prefixes.

createDate

The publication date and time, in UTC.

This is a convenience attribute to maintain API compatibility with the JSON attribute names.

create_date

The publication date and time, in UTC.

filter(self, regions=None, network_border_groups=None, services=None, versions=None)

Filter the AWS IP address ranges.

The service "AMAZON" is not a service but rather an identifier used to get all IP address ranges - meaning that every prefix is contained in the subset of prefixes tagged with the "AMAZON" service. Some IP address ranges are only tagged with the "AMAZON" service.

Parameters:

  • regions (optional str or iterable sequence of strings) - the AWS Regions to include in the subset
  • network_border_groups (optional str or iterable sequence of strings) - the AWS network border groups to include in the subset
  • services (optional str or iterable sequence of strings) - the AWS services to include in the subset
  • versions (optional int) - the IP address version (4, 6) to include in the subset

Returns:

A new AWSIPPrefixes object that contains the subset of IP prefixes that match your filter criteria.

get(self, key, default=None)

Get the AWS IP address prefix that contains the IPv4 or IPv6 key.

Returns the longest-match prefix that contains the provided key or the value of the default= parameter if the key is not found in the collection.

Parameters:

  • key (str, IPv4Address, IPv6Address, IPv4Network, IPv6Network, IPv4Interface, IPv6Interface, AWSIPv4Prefix, AWSIPv6Prefix) - the IP address or network to retrieve from the collection
  • default - the value to return if the key is not found in the collection

Returns:

The AWSIPv4Prefix or AWSIPv6Prefix that contains the provided key.

get_prefix_and_supernets(self, key, default=None)

Get the prefix and supernets that contain the IPv4 or IPv6 key.

Returns a tuple that contains the longest-match prefix and supernets that contains the provided key or the value of the default= parameter if the key is not found in the collection.

The tuple is sorted by prefix length in ascending order (shorter prefixes come before longer prefixes).

Parameters:

  • key (str, IPv4Address, IPv6Address, IPv4Network, IPv6Network, IPv4Interface, IPv6Interface, AWSIPv4Prefix, AWSIPv6Prefix) - the IP address or network to retrieve from the collection
  • default - the value to return if the key is not found in the collection

Returns:

A tuple of the AWSIPv4Prefixes or AWSIPv6Prefixes that contains the provided key.

ipv4_prefixes

The IPv4 prefixes in the collection.

ipv6_prefixes

The IPv6 prefixes in the collection.

md5

The MD5 cryptographic hash value of the ip-ranges.json file.

You can use this value to verify the integrity of the downloaded file.

network_border_groups

The set of network border groups in the collection.

prefixes

The IPv4 prefixes in the collection.

This is a convenience attribute to maintain API compatibility with the JSON attribute names.

regions

The set of regions in the collection.

services

The set of services in the collection.

The service "AMAZON" is not a service but rather an identifier used to get all IP address ranges - meaning that every prefix is contained in the subset of prefixes tagged with the "AMAZON" service. Some IP address ranges are only tagged with the "AMAZON" service.

syncToken

The publication time, in Unix epoch time format.

This is a convenience attribute to maintain API compatibility with the JSON attribute names.

sync_token

The publication time, in Unix epoch time format.

AWSIPPrefix

Base class for the AWSIPv4Prefix and AWSIPv6Prefix classes. AWSIPPrefix objects are immutable and hashable and therefore may be added to Python sets and be used as keys in dictionaries.

class awsipranges.AWSIPPrefix(prefix, region, network_border_group, services)

AWS IP Prefix.

hostmask

The host mask (aka. wildcard mask), as an IP Address object.

netmask

The net mask, as an IP Address object.

network_address

The network address for the network.

network_border_group

The name of the network border group.

A network border group is a unique set of Availability Zones or Local Zones from where AWS advertises IP addresses.

num_addresses

The total number of addresses in the network.

prefix

The public IP network prefix.

prefixlen

Length of the network prefix, in bits.

region

The AWS Region or GLOBAL for edge locations.

The CLOUDFRONT and ROUTE53 ranges are GLOBAL.

services

Services that use IP addresses in this IP prefix.

The addresses listed for API_GATEWAY are egress only.

The service "AMAZON" is not a service but rather an identifier used to get all IP address ranges - meaning that every prefix is contained in the subset of prefixes tagged with the "AMAZON" service. Some IP address ranges are only tagged with the "AMAZON" service.

version

The IP version (4, 6).

with_hostmask

A string representation of the network, with the mask in host mask notation.

with_netmask

A string representation of the network, with the mask in net mask notation.

with_prefixlen

A string representation of the IP prefix, in network/prefix notation.

AWSIPv4Prefix

Supports all the properties and methods of the AWSIPPrefix base class and the Python native IPv4Network class.

class awsipranges.AWSIPv4Prefix(prefix, region, network_border_group, services)

AWS IPv4 Prefix.

ip_prefix

The public IPv4 network prefix.

This is a convenience attribute to maintain API compatibility with the JSON attribute names.

AWSIPv6Prefix

Supports all the properties and methods of the AWSIPPrefix base class and the Python native IPv6Network class.

class awsipranges.AWSIPv6Prefix(prefix, region, network_border_group, services)

AWS IPv6 Prefix.

ipv6_prefix

The public IPv6 network prefix.

This is a convenience attribute to maintain API compatibility with the JSON attribute names.