» Data Source: aws_ip_ranges

Use this data source to get the IP ranges of various AWS products and services. For more information about the contents of this data source and required JSON syntax if referencing a custom URL, see the AWS IP Address Ranges documentation.

» Example Usage

data "aws_ip_ranges" "european_ec2" {
  regions  = ["eu-west-1", "eu-central-1"]
  services = ["ec2"]
}

resource "aws_security_group" "from_europe" {
  name = "from_europe"

  # These ranges cover every EC2 address in the selected regions,
  # including instances run by other AWS customers.
  ingress {
    from_port        = 443
    to_port          = 443
    protocol         = "tcp"
    cidr_blocks      = data.aws_ip_ranges.european_ec2.cidr_blocks
    ipv6_cidr_blocks = data.aws_ip_ranges.european_ec2.ipv6_cidr_blocks
  }

  # Record which publication of the ranges the rules were built from.
  tags = {
    CreateDate = data.aws_ip_ranges.european_ec2.create_date
    SyncToken  = data.aws_ip_ranges.european_ec2.sync_token
  }
}

» Argument Reference

  • regions - (Optional) Filter IP ranges by regions (or include all regions, if omitted). Valid items are global (for cloudfront) as well as all AWS regions (e.g. eu-central-1).

  • services - (Required) Filter IP ranges by services. Valid items are amazon (for amazon.com), amazon_connect, api_gateway, cloud9, cloudfront, codebuild, dynamodb, ec2, ec2_instance_connect, globalaccelerator, route53, route53_healthchecks, s3 and workspaces_gateways. See the service attribute documentation for other possible values.

» Attributes Reference

  • cidr_blocks - The lexically ordered list of CIDR blocks.
  • ipv6_cidr_blocks - The lexically ordered list of IPv6 CIDR blocks.
  • create_date - The publication time of the IP ranges (e.g. 2016-08-03-23-46-05).
  • sync_token - The publication time of the IP ranges, in Unix epoch time format (e.g. 1470267965).
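To preview what a given regions/services filter will place in a security group, the following added example (not the provider's own code) applies the same kind of filter to a document in the layout of AWS's published ip-ranges.json and returns the four attributes listed above. The sample data is constructed from documentation address ranges, and the case-insensitive matching and removal of duplicate prefixes are assumptions of this sketch.

```python
import json

# Constructed sample in the layout of AWS's ip-ranges.json.
# Addresses are documentation ranges, not real AWS prefixes.
SAMPLE = json.loads("""
{
  "syncToken": "1470267965",
  "createDate": "2016-08-03-23-46-05",
  "prefixes": [
    {"ip_prefix": "198.51.100.64/26", "region": "eu-west-1", "service": "EC2"},
    {"ip_prefix": "198.51.100.128/25", "region": "eu-west-1", "service": "EC2"},
    {"ip_prefix": "198.51.100.128/25", "region": "eu-west-1", "service": "AMAZON"},
    {"ip_prefix": "203.0.113.0/24", "region": "eu-central-1", "service": "EC2"},
    {"ip_prefix": "192.0.2.0/25", "region": "us-east-1", "service": "EC2"},
    {"ip_prefix": "192.0.2.128/25", "region": "GLOBAL", "service": "CLOUDFRONT"}
  ],
  "ipv6_prefixes": [
    {"ipv6_prefix": "2001:db8:1::/48", "region": "eu-west-1", "service": "EC2"},
    {"ipv6_prefix": "2001:db8:2::/48", "region": "us-east-1", "service": "EC2"}
  ]
}
""")

def filter_ranges(doc, services, regions=None):
    """Filter by services (required) and regions (optional, all if omitted)."""
    if not services:
        raise ValueError("services is required")
    want_services = {s.lower() for s in services}
    want_regions = {r.lower() for r in regions or []}

    def select(entries, key):
        hits = {e[key] for e in entries  # set: duplicates dropped (assumption)
                if e["service"].lower() in want_services
                and (not want_regions or e["region"].lower() in want_regions)}
        return sorted(hits)  # lexical (string) order, not numeric order

    return {
        "cidr_blocks": select(doc.get("prefixes", []), "ip_prefix"),
        "ipv6_cidr_blocks": select(doc.get("ipv6_prefixes", []), "ipv6_prefix"),
        "create_date": doc["createDate"],
        "sync_token": int(doc["syncToken"]),
    }

# Same filter as the european_ec2 data source in the example usage.
european_ec2 = filter_ranges(SAMPLE, ["ec2"], ["eu-west-1", "eu-central-1"])
```

Because the ordering is lexical, 198.51.100.128/25 sorts before 198.51.100.64/26, so compare successive publications by sync_token and set membership rather than by list position.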