
Uly.me

cloud engineer


ip cidr

AWS WAF IP Set

April 17, 2020

Here’s how to get the WAF rule. The waf-regional commands are the WAF Classic API for regional resources (ALB, API Gateway); the rule’s predicates of type IPMatch carry, in DataId, the ID of the IP set edited below.

aws waf-regional get-rule \
--rule-id xxxxxxxxxxxxxxxxxxxxxxxxxxx


Here’s how to get the AWS WAF IP set.

aws waf-regional get-ip-set \
--ip-set-id xxxxxxxxxxxxxxxxxxx \
--region us-east-1 \
--profile your-profile


Here’s how to get the latest token. WAF Classic serializes changes with change tokens: fetch one immediately before each update call, because a token is good for a single update.

aws waf-regional get-change-token


Result is similar to this.

{
    "ChangeToken": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}


Create a JSON file called “change.json” to be used for updating the IP set. The file lists the changes to apply in one call: it inserts one IPv4 descriptor and deletes one IPv6 descriptor (the IP set itself stays). Values are CIDR network addresses with the host bits cleared, so a /24 is written 12.34.56.0/24 rather than 12.34.56.78/24; WAF Classic accepts /8 and /16 through /32 for IPv4 and /24, /32, /48, /56, /64 and /128 for IPv6.

[
    {
        "Action": "INSERT",
        "IPSetDescriptor":
        {
            "Type": "IPV4",
            "Value": "12.34.56.0/24"
        }
    },
    {
        "Action": "DELETE",
        "IPSetDescriptor":
        {
            "Type": "IPV6",
            "Value": "1111:0000:0000:0000:0000:0000:0000:0111/128"
        }
    }
]


Finally, here’s how to update the IP set, passing the token fetched above. The response echoes the ChangeToken; propagation is asynchronous, and get-change-token-status reports INSYNC once the change has been applied.

aws waf-regional update-ip-set \
--ip-set-id xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \
--change-token xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \
--region us-east-1 \
--profile default \
--updates file://change.json
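The same flow as a script, added here as an example rather than code from the post: the offline part normalizes CIDRs into IPSetDescriptor entries (clearing host bits, rejecting prefix lengths WAF Classic does not accept) and writes change.json; apply_updates() is the live part and assumes boto3, credentials, and an IP set ID and profile you supply.

```python
"""Build and (optionally) apply an AWS WAF Classic IP-set update.

Added example for this post, not the author's code. The offline helpers use
only the standard library; apply_updates() needs boto3 plus AWS credentials,
and the IP set ID / profile are placeholders the caller supplies.
"""
import ipaddress
import json
import sys

# Prefix lengths WAF Classic accepts in an IPSetDescriptor:
# IPv4: /8 and /16 through /32; IPv6: /24, /32, /48, /56, /64, /128.
IPV4_PREFIXES = {8} | set(range(16, 33))
IPV6_PREFIXES = {24, 32, 48, 56, 64, 128}


def to_descriptor(cidr):
    """Normalize a CIDR (or bare address) into an IPSetDescriptor dict.

    Host bits are cleared (12.34.56.78/24 -> 12.34.56.0/24) so the entry is
    the network the operator meant, a bare address becomes a /32 or /128, and
    a prefix length WAF Classic does not support raises ValueError.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    allowed = IPV4_PREFIXES if net.version == 4 else IPV6_PREFIXES
    if net.prefixlen not in allowed:
        raise ValueError(f"/{net.prefixlen} is not a WAF Classic prefix length: {cidr}")
    # exploded form gives the fully written IPv6 that the post's change.json uses
    value = f"{net.network_address.exploded}/{net.prefixlen}"
    return {"Type": f"IPV{net.version}", "Value": value}


def build_updates(insert=(), delete=()):
    """Return the list that `update-ip-set --updates file://change.json` takes."""
    return ([{"Action": "INSERT", "IPSetDescriptor": to_descriptor(c)} for c in insert]
            + [{"Action": "DELETE", "IPSetDescriptor": to_descriptor(c)} for c in delete])


def write_change_file(path, insert=(), delete=()):
    """Write change.json for the CLI flow in the post; returns the updates."""
    updates = build_updates(insert, delete)
    with open(path, "w") as fh:
        json.dump(updates, fh, indent=4)
    return updates


def apply_updates(ip_set_id, updates, region="us-east-1", profile=None, poll_seconds=2):
    """Fetch a fresh change token, push the updates, wait for INSYNC.

    Each update-ip-set call needs its own token from get-change-token; the
    call consumes the token. Live only: requires boto3 and credentials.
    """
    import time
    import boto3  # imported here so the offline helpers work without the SDK

    waf = boto3.Session(profile_name=profile, region_name=region).client("waf-regional")
    token = waf.get_change_token()["ChangeToken"]
    waf.update_ip_set(IPSetId=ip_set_id, ChangeToken=token, Updates=updates)
    # Propagation is asynchronous: PROVISIONED -> PENDING -> INSYNC.
    while waf.get_change_token_status(ChangeToken=token)["ChangeTokenStatus"] != "INSYNC":
        time.sleep(poll_seconds)
    return token


if __name__ == "__main__":
    # Offline usage: python waf_ipset.py change.json 12.34.56.78/24
    # writes the same two-entry file the post shows (one INSERT, one DELETE).
    out = sys.argv[1] if len(sys.argv) > 1 else "change.json"
    cidr = sys.argv[2] if len(sys.argv) > 2 else "12.34.56.78/24"
    print(json.dumps(write_change_file(
        out, insert=[cidr], delete=["1111:0000:0000:0000:0000:0000:0000:0111/128"]), indent=4))
```

Run it without arguments to produce change.json for the CLI command above, or call apply_updates("your-ip-set-id", build_updates(insert=[...]), profile="your-profile") to skip the file and let the script fetch the token and poll for INSYNC itself.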


Filed Under: Cloud Tagged With: aws, ip, ip cidr, list, waf

AWS Security Groups IP Cidr

September 10, 2019

Here’s how to search for AWS Security Groups that have an egress rule for this IP CIDR. The filter is an exact match on the rule’s CIDR string: 10.8.8.8/32 will not find a group whose rule is 10.8.0.0/16 even though that rule covers the host. Use ip-permission.cidr in place of egress.ip-permission.cidr to search inbound rules.

aws ec2 describe-security-groups \
--filter Name=egress.ip-permission.cidr,Values='10.8.8.8/32' \
--query "SecurityGroups[*].{Name:GroupName}" \
--output text \
--profile default \
--region us-east-1


Search with ports. Multiple filters are ANDed at the group level, not per rule: a group with one rule for 10.8.8.8/32 on port 443 and another rule for a different CIDR on port 22 still matches all three filters.

aws ec2 describe-security-groups \
--filter Name=egress.ip-permission.cidr,Values='10.8.8.8/32' \
         Name=egress.ip-permission.from-port,Values='22' \
         Name=egress.ip-permission.to-port,Values='22' \
--query "SecurityGroups[*].{Name:GroupName}" \
--output text \
--profile default \
--region us-east-1


The query displays only the Security Group name; add GroupId to the projection when names are not unique across VPCs.
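An added example, not code from the post, that does the search the CLI filters cannot: it walks the parsed describe-security-groups output, matches by CIDR containment rather than exact string, and requires the CIDR and the port to come from the same rule. SAMPLE_GROUPS is constructed data in the shape the API returns; fetch_groups() assumes boto3 and credentials for a live run.

```python
"""Find security groups with a rule that actually reaches an address and port.

Added example for this post, not the author's code. It inspects the parsed
describe-security-groups output itself, so unlike the CLI filters it matches
by CIDR containment and needs cidr and port to be in one rule. SAMPLE_GROUPS
is constructed; fetch_groups() needs boto3 and AWS credentials.
"""
import ipaddress


def rule_covers(perm, ip, port=None):
    """True if one IpPermission entry reaches ip (and port, if given)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    else:
        cidrs = [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    if not any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs):
        return False
    if port is None or perm.get("IpProtocol") == "-1":   # "-1" = all traffic
        return True
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo is None or hi is None:                          # protocol without ports
        return True
    return lo <= port <= hi


def find_groups(groups, ip, port=None, direction="egress"):
    """Return [(GroupId, GroupName)] whose rules in `direction` cover ip:port.

    "egress" reads IpPermissionsEgress (what the post's filter searches);
    "ingress" reads IpPermissions, normally the set that matters for exposure.
    """
    key = "IpPermissionsEgress" if direction == "egress" else "IpPermissions"
    return [(g["GroupId"], g["GroupName"]) for g in groups
            if any(rule_covers(p, ip, port) for p in g.get(key, []))]


def fetch_groups(region="us-east-1", profile=None):
    """Live variant: page through describe-security-groups with boto3."""
    import boto3  # imported here so the offline part needs no SDK
    ec2 = boto3.Session(profile_name=profile, region_name=region).client("ec2")
    groups = []
    for page in ec2.get_paginator("describe_security_groups").paginate():
        groups.extend(page["SecurityGroups"])
    return groups


def _rule(cidr, lo, hi, proto="tcp"):
    """Build one IpPermission entry for the constructed sample."""
    return {"IpProtocol": proto, "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": cidr}], "Ipv6Ranges": []}


# Constructed sample in the shape describe-security-groups returns.
SAMPLE_GROUPS = [
    # exact CIDR and port: both the CLI filter and this code find it
    {"GroupId": "sg-0001", "GroupName": "exact-match",
     "IpPermissions": [_rule("10.8.8.8/32", 22, 22)], "IpPermissionsEgress": []},
    # /16 contains 10.8.8.8, but the CLI's exact-string filter misses it
    {"GroupId": "sg-0002", "GroupName": "wider-range",
     "IpPermissions": [_rule("10.8.0.0/16", 0, 65535)], "IpPermissionsEgress": []},
    # CIDR and port sit in different rules: the CLI reports it, yet no rule reaches 10.8.8.8:22
    {"GroupId": "sg-0003", "GroupName": "split-rules",
     "IpPermissions": [_rule("10.8.8.8/32", 443, 443), _rule("192.168.0.0/16", 22, 22)],
     "IpPermissionsEgress": []},
    # all-traffic egress rule carries no FromPort/ToPort
    {"GroupId": "sg-0004", "GroupName": "open-egress",
     "IpPermissions": [],
     "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                              "Ipv6Ranges": []}]},
]

if __name__ == "__main__":
    for gid, name in find_groups(SAMPLE_GROUPS, "10.8.8.8", 22, direction="ingress"):
        print(gid, name)
```

Against the sample, the ingress search for 10.8.8.8 port 22 returns exact-match and wider-range but not split-rules, which is the opposite of what the exact-match CLI filters would report for the last two; swap SAMPLE_GROUPS for fetch_groups(profile="default") to run it against an account.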

Filed Under: Cloud Tagged With: aws, firewall, ip cidr, search, security groups, vpc


Copyright © 2023