How do I block incoming traffic from Amazon AWS IPs?

Solution 1:

I used the information provided by alienth to create a bash script to block all AWS traffic. You can get it on GitHub: https://github.com/corbanworks/aws-blocker

Solution 2:

You can create a new iptables chain which can be separately flushed and refreshed.

$ iptables -N AWS
$ iptables -I INPUT 1 -j AWS

From here, just add all of the IP ranges to the AWS chain. To refresh the rules, simply iptables -F AWS and re-populate. For example:

$ iptables -F AWS
$ iptables -A AWS -s 50.19.0.0/16 -j REJECT

If you want to automate this, one thing you'll have to figure out is how trustworthy the IP data provided by AWS is. When pulling the JSON file make sure that you validate the SSL cert properly. There is still a possibility that AWS could release a malformed file, resulting in an automated iptables script blocking things you don't want to block.
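An added example of the automation and the sanity checks discussed in this answer; it is not code from the answer above nor from the aws-blocker script. It parses the `prefixes` list of the `ip-ranges.json` feed AWS publishes at https://ip-ranges.amazonaws.com/ip-ranges.json, rejects anything that does not parse as a clean IPv4 CIDR, refuses to flush the existing chain when the result looks malformed, and emits the `iptables -F AWS` / `-A AWS ... -j REJECT` commands for the chain set up above. The `MIN_PREFIX_LEN` and `MIN_PREFIX_COUNT` thresholds and the embedded sample feed are assumptions made for the example, not values published by AWS.

```python
"""Refresh the AWS iptables chain from AWS's published ip-ranges.json.

Added example for the answer above; not the answer's own code. Assumes the
chain is named AWS and already exists (iptables -N AWS; iptables -I INPUT 1 -j AWS).
"""
import ipaddress
import json
import subprocess
import sys
import urllib.request

AWS_RANGES_URL = "https://ip-ranges.amazonaws.com/ip-ranges.json"
CHAIN = "AWS"
# Assumption for this example: no AWS allocation is broader than a /8, so a
# shorter prefix (e.g. 0.0.0.0/0) is treated as a malformed file, not applied.
MIN_PREFIX_LEN = 8
# Assumption for this example: an empty prefix list means a truncated or
# malformed download; never flush the existing chain on such input.
MIN_PREFIX_COUNT = 1

# Constructed sample in the feed's shape (the real feed has thousands of
# entries). 50.19.0.0/16 is listed twice, under AMAZON and EC2, as AWS does.
SAMPLE_JSON = """{
  "syncToken": "0",
  "createDate": "2024-01-01-00-00-00",
  "prefixes": [
    {"ip_prefix": "50.19.0.0/16", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1"},
    {"ip_prefix": "50.19.0.0/16", "region": "us-east-1", "service": "EC2", "network_border_group": "us-east-1"},
    {"ip_prefix": "54.240.0.0/12", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL"}
  ],
  "ipv6_prefixes": []
}"""


def fetch_ranges(url=AWS_RANGES_URL, timeout=30):
    """Download the feed. urllib verifies the server certificate against the
    system trust store by default; do not pass an unverified SSL context."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def parse_prefixes(text, services=None):
    """Return a sorted, de-duplicated list of validated IPv4 networks.

    Raises ValueError on any malformed entry so the caller aborts the refresh
    instead of loading a half-parsed list. `services` optionally restricts the
    result to e.g. {"EC2"}; each entry in the feed carries a service tag.
    """
    doc = json.loads(text)
    nets = set()
    for entry in doc.get("prefixes", []):
        if services and entry.get("service") not in services:
            continue
        raw = entry.get("ip_prefix", "")
        try:
            # strict=True rejects prefixes with host bits set, e.g. 50.19.1.0/16
            net = ipaddress.ip_network(raw, strict=True)
        except ValueError as exc:
            raise ValueError(f"malformed prefix {raw!r}: {exc}") from exc
        if net.version != 4:
            raise ValueError(f"non-IPv4 prefix in 'prefixes': {raw}")
        if net.prefixlen < MIN_PREFIX_LEN:
            raise ValueError(f"prefix {raw} is broader than /{MIN_PREFIX_LEN}")
        nets.add(net)
    if len(nets) < MIN_PREFIX_COUNT:
        raise ValueError(f"only {len(nets)} prefixes found; refusing to refresh")
    return sorted(nets)


def build_rules(nets, chain=CHAIN):
    """Commands that refresh the chain: flush, then REJECT each prefix.
    Returned as argv lists so nothing is passed through a shell."""
    cmds = [["iptables", "-F", chain]]
    for net in nets:
        cmds.append(["iptables", "-A", chain, "-s", str(net), "-j", "REJECT"])
    return cmds


def apply_rules(cmds):
    """Run the commands; any failure stops the refresh (needs root)."""
    for cmd in cmds:
        subprocess.run(cmd, check=True)


if __name__ == "__main__":
    rules = build_rules(parse_prefixes(fetch_ranges()))
    if "--apply" in sys.argv:
        apply_rules(rules)
    else:
        for cmd in rules:
            print(" ".join(cmd))
```

Run it without arguments to review the generated rules; pass `--apply` (as root, with the AWS chain already created) to load them. Because every validation error raises before `iptables -F AWS` is issued, a malformed or truncated feed leaves the previous rule set in place rather than leaving the chain empty. Only the IPv4 `prefixes` list is handled here; the `ipv6_prefixes` list would go into a parallel chain loaded with `ip6tables`.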