Appflow - security group

0

I want to configure the firewall in the security group to allow only Amazon AppFlow access to the RDS Postgres. Therefore, I retrieved the IP range from the ip_range.json file at https://docs.aws.amazon.com/vpc/latest/userguide/aws-ip-ranges.html, selecting all entries related to AppFlow. This included 3 groups of IPs with a /30 subnet mask. Initially, this worked for a few requests, but then I started experiencing timeouts. After enabling IP logging and opening the firewall, I discovered a new IP (44.211.234.252) not listed in ip-range.json, which belongs to Amazon. Consequently, I added the entire range 44.192.0.0/11, and this solution worked for a few days. However, the connection has failed again, and I found another missing Amazon IP: 34.236.216.188, in my firewall settings. I'm unsure how to proceed. How can I determine the IP ranges used by Amazon AppFlow to ensure they are included in the firewall?

1 Answer
0

Hi

The IP ranges (per region) from where AppFlow will initiate requests are available here: https://ip-ranges.amazonaws.com/ip-ranges.json. Your approach seems to be correct!

Since you have observed a deviation from this, I suggest you get in touch with AWS Support so that they can investigate this specific case.

Thanks

AWS
Rama
answered 3 months ago
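An added example, not part of the question, the answer or any AWS code: it filters a document in the ip-ranges.json layout down to one service and region, then reports whether an observed source address is covered by that service's prefixes or only by some other published entry. The service label `AMAZON_APPFLOW` is the one used in the published file; the region `us-east-1` and every prefix in the sample except the 44.192.0.0/11 range quoted in the question are constructed placeholders.

```python
import ipaddress
import json

# Constructed sample in the ip-ranges.json layout. The /30 prefixes are
# placeholders, not real AppFlow ranges; regions are assumed for illustration.
SAMPLE = json.loads("""
{
  "syncToken": "0",
  "createDate": "1970-01-01-00-00-00",
  "prefixes": [
    {"ip_prefix": "192.0.2.0/30", "region": "us-east-1", "service": "AMAZON_APPFLOW", "network_border_group": "us-east-1"},
    {"ip_prefix": "198.51.100.4/30", "region": "us-east-1", "service": "AMAZON_APPFLOW", "network_border_group": "us-east-1"},
    {"ip_prefix": "203.0.113.8/30", "region": "eu-west-1", "service": "AMAZON_APPFLOW", "network_border_group": "eu-west-1"},
    {"ip_prefix": "44.192.0.0/11", "region": "us-east-1", "service": "EC2", "network_border_group": "us-east-1"}
  ]
}
""")


def service_prefixes(doc, service, region):
    """Return the IPv4 networks published for one service in one region."""
    return sorted(
        ipaddress.ip_network(p["ip_prefix"])
        for p in doc["prefixes"]
        if p["service"] == service and p["region"] == region
    )


def classify(doc, ip, service, region):
    """Report whether ip is covered by the service's prefixes, only by some
    other published entry, or by nothing in the document."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in service_prefixes(doc, service, region)):
        return "allowed", []
    others = sorted({
        (p["service"], p["region"], p["ip_prefix"])
        for p in doc["prefixes"]
        if addr in ipaddress.ip_network(p["ip_prefix"])
    })
    return ("other-aws-range" if others else "unlisted"), others


if __name__ == "__main__":
    print(service_prefixes(SAMPLE, "AMAZON_APPFLOW", "us-east-1"))
    # Results below reflect the constructed sample, not the live file.
    for ip in ("192.0.2.1", "44.211.234.252", "34.236.216.188"):
        print(ip, classify(SAMPLE, ip, "AMAZON_APPFLOW", "us-east-1"))
```

Run against the live file, an address that comes back as `other-aws-range` together with its matching entries is the detail to hand to AWS Support. A security group rule for a range as wide as 44.192.0.0/11 admits far more sources than AppFlow.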
