AWS us-east-1 EC2 IP Range to CIDR
Convert an AWS EC2 us-east-1 IP address range to CIDR notation. Learn how to work with AWS published IP ranges for security group and firewall configuration.
Detailed Explanation
Working with AWS IP Ranges
AWS publishes its IP address ranges in a JSON file at https://ip-ranges.amazonaws.com/ip-ranges.json. These ranges are organized by service (EC2, CloudFront, S3, etc.) and region. When configuring on-premises firewalls to allow traffic to/from AWS, you need these ranges in CIDR notation.
Example Range
Range: 3.80.0.0 - 3.95.255.255
CIDR: 3.80.0.0/12
This is a single contiguous block of 1,048,576 addresses used by EC2 instances in us-east-1.
AWS IP Range Structure
AWS ranges don't always align to clean boundaries. A typical scenario:
Range: 52.94.76.0 - 52.94.79.255
CIDR: 52.94.76.0/22
This /22 block contains 1,024 addresses. When the range isn't a perfect power-of-2 boundary, you may need multiple CIDR blocks.
Working with AWS Security Groups
AWS Security Groups accept CIDR notation for inbound and outbound rules. Common patterns:
- Allow from specific AWS range: Use the published CIDR directly
- Allow from your VPC: Use the VPC CIDR (e.g., 10.0.0.0/16)
- Allow from a partner: Convert their IP range to CIDR blocks
Automation Tip
You can script the conversion of AWS IP ranges using the jq command-line tool:
curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | \
jq '.prefixes[] | select(.region=="us-east-1" and .service=="EC2") | .ip_prefix'
This extracts all EC2 CIDR blocks for us-east-1. For ranges that arrive as start-end pairs from other sources, use this tool to convert them.
Use Case
A security engineer receives a list of AWS EC2 IP ranges in start-end format from a compliance audit report. They need to convert these to CIDR notation to update their corporate firewall rules that control which AWS addresses can reach the internal monitoring system.