When dealing with AWS services it's generally a bad idea / almost impossible to get an authoritative set of IP addresses for a particular service unless it is explicitly called out in the ip-ranges.json file that we publish.
In the case of STS (sts.us-east-1.amazonaws.com, sts.us-east-2.amazonaws.com, etc.) these are not called out explicitly and aren't part of EC2.
Instead I'd recommend configuring a proxy host that looks at the requested domain, and allowlists the STS endpoint(s) they'd like to access.
So add a Squid proxy to the VPC in a public subnet configured to allowlist the STS endpoint(s) they want to communicate with. Configure the Lambda function to launch in the VPC, and use the IP address(es) / ELB of the Squid proxy to proxy your STS calls.
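A minimal `squid.conf` for the domain allowlist described in the answer above, added here as an illustration and not part of the original answer. The listening port, the VPC CIDR `10.0.0.0/16` and the choice of two regions are assumptions to replace with your own values.

```conf
# Constructed example: port, source CIDR and region list are placeholders.
http_port 3128

# Clients allowed to use the proxy: the VPC range the Lambda ENIs sit in.
acl lambda_vpc src 10.0.0.0/16

# Destination allowlist, matched on the hostname in the CONNECT request,
# so it keeps working when the IP addresses behind the endpoints change.
acl sts_endpoints dstdomain sts.us-east-1.amazonaws.com
acl sts_endpoints dstdomain sts.us-east-2.amazonaws.com

acl SSL_ports port 443
acl CONNECT method CONNECT

# Refuse tunnels to anything other than 443.
http_access deny CONNECT !SSL_ports

# Permit HTTPS tunnels only from the VPC and only to the allowlisted hosts.
http_access allow CONNECT lambda_vpc sts_endpoints

# Everything else, including plain HTTP and other AWS hostnames, is denied.
http_access deny all
```

The allowlist matches exact hostnames, so a client that calls the global `sts.amazonaws.com` endpoint instead of a regional one is denied unless that name is added as well. Restrict the proxy's security group to the Lambda function's security group so the `src` ACL is not the only control on who can reach port 3128.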