
We have recently analyzed our AWS data transfers/NAT gateway charges and what we have observed is that we are sending 80% of the traffic to an AMAZON service in this IP address range.

    {
      "ip_prefix": "3.237.107.0/25",
      "region": "us-east-1",
      "service": "AMAZON",
      "network_border_group": "us-east-1"
    }

When looking at the AWS public IP address ranges at this link:

https://ip-ranges.amazonaws.com/ip-ranges.json

This just mentions the above range as "AMAZON" but doesn't give many details about it.

Is there any way we can know which AWS service falls under this IP address category?

Tried looking at S3/DynamoDB/RDS/ElastiCache and other AWS services we were using, and this doesn't fall under those services.

santhu
  • Some random checks in that IP range indicate that they are EC2s, i.e. `host 3.237.107.1` results in `ec2-3-237-107-1.compute-1.amazonaws.com`. What in your code is talking to an external EC2? – stdunbar Dec 22 '22 at 20:03
  • From curl output for a couple of these IPs, I get the Kinesis / Firehose service. Do you use these services? – Riz Dec 22 '22 at 20:58
  • Hi @stdunbar - Yes, I have tried doing the nslookup, just the way you did, and unfortunately for almost all the IPs in the range, the output gives the same EC2 address as a DNS output. Not sure how to interpret it, considering the fact that AWS itself has mentioned that this range belongs to their AWS services – santhu Dec 23 '22 at 08:07
  • @Riz - sure, let me check on this. BTW, how did you interpret that these IPs belong to Kinesis/Firehose? Can you help me with the curl command you used? – santhu Dec 23 '22 at 08:08
  • @santhu, you can do `curl -v` and you can see. Actually the certificate's CN is kinesis for .2 and firehose for .1 – Riz Dec 23 '22 at 10:49

0 Answers
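An added example, not part of the original question or comments: a lookup that lists every `ip-ranges.json` entry containing an address and drops the catch-all `AMAZON` tag when a narrower service tag covers the same address. The function names and the `198.51.100.0/24` entries are constructed for illustration; only the `3.237.107.0/25` entry comes from the question.

```python
import ipaddress
import json

# Constructed sample in the ip-ranges.json layout. Only the 3.237.107.0/25
# entry is taken from the question; the 198.51.100.0/24 entries are made up.
SAMPLE = json.loads("""
{
  "prefixes": [
    {"ip_prefix": "3.237.107.0/25", "region": "us-east-1",
     "service": "AMAZON", "network_border_group": "us-east-1"},
    {"ip_prefix": "198.51.100.0/24", "region": "us-east-1",
     "service": "AMAZON", "network_border_group": "us-east-1"},
    {"ip_prefix": "198.51.100.0/25", "region": "us-east-1",
     "service": "S3", "network_border_group": "us-east-1"}
  ]
}
""")


def matching_entries(ip, doc):
    """Return every IPv4 prefix entry that contains ip, most specific first."""
    addr = ipaddress.ip_address(ip)
    hits = [e for e in doc.get("prefixes", [])
            if addr in ipaddress.ip_network(e["ip_prefix"])]
    return sorted(hits,
                  key=lambda e: ipaddress.ip_network(e["ip_prefix"]).prefixlen,
                  reverse=True)


def service_tags(ip, doc):
    """Return service tags for ip, dropping AMAZON when a narrower tag exists."""
    tags = []
    for entry in matching_entries(ip, doc):
        if entry["service"] not in tags:
            tags.append(entry["service"])
    specific = [t for t in tags if t != "AMAZON"]
    # An AMAZON-only result means the file cannot name the service.
    return specific or tags


if __name__ == "__main__":
    for ip in ("198.51.100.10", "3.237.107.1", "192.0.2.1"):
        print(ip, service_tags(ip, SAMPLE))
```

An address that resolves only to `AMAZON`, as in the question, cannot be attributed from this file alone, which is why the comments fall back to reverse DNS and the TLS certificate's CN.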