What are the source IPs of AWS SNS HTTP/HTTPS notifications?

I have configured AWS SNS notification to call my HTTP endpoint. I need to open my firewall to allow AWS SNS to call it.

However, I cannot find any information about the source IPs of SNS HTTP(S) notification calls. I have caught a few IPs (54.240.194.1, 54.240.194.65, 54.240.194.129) from its calls. But I'm not sure what the full list of SNS HTTP notification source IPs is.

I can open my firewall to 54.240.194.0/24. But there is no official information that this is correct.

Thanks.

Wenbing Li asked Dec 09 '22 08:12


2 Answers

The list of IP addresses from which Amazon SNS notifications are sourced is provided in the Amazon SNS forums. We update this post as the IP information changes.

Please note that while notifications will usually be sourced from an IP in the same region where your topic was created, this is not guaranteed, e.g., a notification sent from a topic created in US-EAST-1 may be sourced from either US-WEST-1 or EU-WEST-1. In other words, you should add all addresses on this list to your ingress rules, even if you only plan to use a single region.

Rohan Deshpande answered Dec 13 '22 22:12


In this situation SQS is probably more appropriate because you will be initiating the connection to Amazon instead of asking AWS to reach out to you. This means no changes to your firewall are required and you are not poking holes in your security...

If you need SNS notifications for other endpoints, you can pump SNS to SQS for this specific endpoint:

http://docs.aws.amazon.com/sns/latest/dg/SendMessageToSQS.html

pherris answered Dec 13 '22 22:12
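The pull model described in the answer above, as an added example that is not part of the original answers: a consumer long-polls an SQS queue subscribed to the SNS topic and unwraps the JSON envelope SNS puts in the message body. The topic ARN, queue URL, sample body and function names are constructed assumptions, and raw message delivery is assumed to be off.

```python
import json

# Constructed placeholder value; substitute your own topic ARN.
EXPECTED_TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:example-topic"

# Constructed sample of the JSON envelope SNS places in the SQS message body
# when raw message delivery is off (the default).
SAMPLE_BODY = json.dumps({
    "Type": "Notification",
    "MessageId": "00000000-0000-0000-0000-000000000000",
    "TopicArn": EXPECTED_TOPIC_ARN,
    "Message": "disk usage above threshold",
    "Timestamp": "2022-12-13T22:12:00.000Z",
})


def unwrap_sns_envelope(sqs_body, expected_topic_arn):
    """Return the SNS payload from an SQS body, or None if it is not a
    notification from the expected topic."""
    try:
        envelope = json.loads(sqs_body)
    except (TypeError, ValueError):
        return None
    if not isinstance(envelope, dict):
        return None
    if envelope.get("Type") != "Notification":
        return None
    if envelope.get("TopicArn") != expected_topic_arn:
        return None
    message = envelope.get("Message")
    return message if isinstance(message, str) else None


def poll_once(sqs, queue_url, expected_topic_arn, handler):
    """Long-poll the queue once and return the number of handled messages.

    `sqs` is an SQS client such as boto3.client("sqs"); every call is an
    outbound HTTPS request, so no inbound firewall rule is involved.
    """
    resp = sqs.receive_message(
        QueueUrl=queue_url, MaxNumberOfMessages=10, WaitTimeSeconds=20)
    handled = 0
    for msg in resp.get("Messages", []):
        payload = unwrap_sns_envelope(msg["Body"], expected_topic_arn)
        if payload is None:
            continue  # leave it for the queue's redrive policy / dead-letter queue
        handler(payload)
        sqs.delete_message(QueueUrl=queue_url, ReceiptHandle=msg["ReceiptHandle"])
        handled += 1
    return handled
```

Messages that fail the envelope or topic check are not deleted, so they reappear after the visibility timeout and can be routed to a dead-letter queue for inspection.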