Menu
I have configured AWS SNS notification to call my HTTP endpoint. I need to open my firewall to allow AWS SNS to call it.
However, I cannot find any information about SNS HTTP(s) notification call IPs. I have caught a few IPs (54.240.194.1,54.240.194.65,54.240.194.129 ) by it's calls. But I'm not sure what's the full list of SNS HTTP notification source IPs.
I can open my firewall as 54.240.194.0/24. But no official information this is correct.
Thanks.
560
The list of IP addresses from which Amazon SNS notifications are sourced is provided in the Amazon SNS forums. We update this post as the IP information changes.
Please note that while notifications will usually be sourced from an IP in the same region where your topic was created, this is not guaranteed e.g., a notification sent from a topic created in US-EAST-1 may be sourced from either US-WEST-1 or EU-WEST-1. In other words, you should add all addresses on this list to your ingress rules, even if you only plan to use a single region.
85
In this situation SQS is probably more appropriate because you will be initiating the connection to Amazon instead of asking AWS to reach out to you. This means no changes to your firewall are required and you are not poking holes in your security...
If you need SNS notifications for other end points, you can pump SNS to SQS for this specific end point:
http://docs.aws.amazon.com/sns/latest/dg/SendMessageToSQS.html
42
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
