• What does it do ?
• This project uses
• Where does the information comes from
• Get started
• Clean up
• Notes

Sometimes you need to validate the source IP address in your applications. If you are running your workloads on AWS, you might need to validate if:

• The IP address is an valid AWS IP
• What AWS region that IP address belongs to
• What is the service associated with the said IP address

If this is your use case, this project might help you.

It uses AWS API Gateway to provide you with an REST API to query an IP address. You can use this code to deploy your own API and integrate with your applications.

• The Serverless Framework
• AWS API Gateway
• Python3
• Serverless plugins
  • serverless-python-requirements

AWS provides a list of IP ranges in a json format. You can find the file here:

https://ip-ranges.amazonaws.com/ip-ranges.json

An example of how the file looks like:

    {
      "ip_prefix": "18.191.0.0/16",
      "region": "us-east-2",
      "service": "EC2",
      "network_border_group": "us-east-2"
    },

• Install the Serveless Framework
• Install the serverless-python-requirements plugin

sls plugin install -n serverless-python-requirements

• Deploy the serverless architecture by running:

serverless --aws-profile <YOUR_PROFILE_NAME> deploy

Replace <YOUR_PROFILE_NAME> with your AWS profile name.

If the deployment is successful, you will see the API Gateway endpoints created:

  GET - https://qe0fnc7qn7.execute-api.us-east-2.amazonaws.com/prod/health/check
  GET - https://qe0fnc7qn7.execute-api.us-east-2.amazonaws.com/prod/{ip}
  GET - https://qe0fnc7qn7.execute-api.us-east-2.amazonaws.com/prod/{ip}/region
  GET - https://qe0fnc7qn7.execute-api.us-east-2.amazonaws.com/prod/{ip}/service

curl https://qe0fnc7qn7.execute-api.us-east-2.amazonaws.com/prod/18.228.93.48

Result:

{
  "data": {
    "ip_prefix": "18.228.0.0/16",
    "region": "sa-east-1",
    "service": "EC2",
    "network_border_group": "sa-east-1"
  }
}

curl -vvvv https://qe0fnc7qn7.execute-api.us-east-2.amazonaws.com/prod/52.1.1.1/region

Result:

{
  "region": "us-east-1"
}

curl https://qe0fnc7qn7.execute-api.us-east-2.amazonaws.com/prod/3.17.184.157/service

Result:

{
  "service": "EC2"
}

curl https://qe0fnc7qn7.execute-api.us-east-2.amazonaws.com/prod/127.0.0.1

Result:

{
  "data": "unknown"
}

curl https://qe0fnc7qn7.execute-api.us-east-2.amazonaws.com/prod/127.0.0.1/region

Result:

{
  "region": "unknown"
}

curl https://qe0fnc7qn7.execute-api.us-east-2.amazonaws.com/prod/127.0.0.1/service

Result:

{
  "service": "unknown"
}

• Destroy the serverless architecture by running:

serverless --aws-profile <YOUR_PROFILE_NAME> remove

Running this code will create AWS resources in your account that might not be included in the free tier.