
Is there a way to retrieve the IP ranges used by the GCP Storage service? When I dig storage.googleapis.com I get a list of IPs that is not included in the range present here.

My scenario:
I’m accessing a Google Cloud Storage bucket from an AWS network. I have an outbound rule in the AWS security group that allows connections to specific IP ranges. I need to include there the IP ranges for GCP Storage. Is there a similar concept in GCP to S3 managed prefix lists?

2 Answers


  1. Chosen as BEST ANSWER

    One way to do it is described here. This list is for Google API endpoints, not restricted to the storage service. You can take the IPs from goog.json and subtract the IPs from cloud.json to get the Google APIs IPs. They can change, so you need to retrieve them periodically.

    import requests
    import ipaddress
    
    def get_ipv4_ranges(url):
        """Fetches IPv4 ranges from a given URL."""
        try:
            # Bound the request so a stalled connection cannot hang a scheduled refresh
            response = requests.get(url, timeout=10)
            response.raise_for_status()
            data = response.json()
            return {prefix['ipv4Prefix'] for prefix in data['prefixes'] if 'ipv4Prefix' in prefix}
        except requests.RequestException as e:
            print(f"Error fetching data from {url}: {e}")
            return set()
    
    def sort_ipv4_ranges(ranges):
        """Sorts IPv4 ranges."""
        return sorted(ranges, key=lambda ip: ipaddress.IPv4Network(ip))
    
    def main():
        # URLs containing the IPv4 ranges
        goog_url = "https://www.gstatic.com/ipranges/goog.json"
        cloud_url = "https://www.gstatic.com/ipranges/cloud.json"
    
        # Fetching the IPv4 ranges
        goog_ipv4_ranges = get_ipv4_ranges(goog_url)
        cloud_ipv4_ranges = get_ipv4_ranges(cloud_url)
    
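        # Removing the cloud ranges from the goog ranges and sorting.
        # This is an exact-match difference on prefix strings: a cloud prefix
        # nested inside a wider goog prefix is not carved out of it.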
        remaining_ranges = sort_ipv4_ranges(goog_ipv4_ranges - cloud_ipv4_ranges)
    
        # Output the sorted remaining ranges
        for ip_range in remaining_ranges:  # avoid shadowing the built-in range()
            print(ip_range)
    
    
    if __name__ == "__main__":
        main()
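
Added example (not part of the answer above, and not Google's code): the set difference in the answer compares prefix strings, so a cloud.json prefix nested inside a wider goog.json prefix is not removed from it. This sketch does the subtraction on CIDR networks with the standard `ipaddress` module and refuses to build a list from empty input; the sample documents and the helper names `ipv4_networks`, `subtract` and `covers` are constructed for illustration.

```python
import ipaddress

# Constructed sample documents in the shape the answer's code reads
# (prefixes[].ipv4Prefix); the addresses are RFC 5737 documentation ranges.
GOOG = {"prefixes": [{"ipv4Prefix": "192.0.2.0/24"},
                     {"ipv4Prefix": "198.51.100.0/24"},
                     {"ipv4Prefix": "203.0.113.0/25"},
                     {"ipv4Prefix": "203.0.113.128/26"},
                     {"ipv6Prefix": "2001:db8::/32"}]}
CLOUD = {"prefixes": [{"ipv4Prefix": "192.0.2.64/26"},      # nested in a goog prefix
                      {"ipv4Prefix": "198.51.100.0/24"},    # exact match
                      {"ipv4Prefix": "203.0.113.128/25"}]}  # wider than a goog prefix


def ipv4_networks(doc):
    """Parse the ipv4Prefix entries of one document into IPv4Network objects."""
    return [ipaddress.IPv4Network(p["ipv4Prefix"])
            for p in doc["prefixes"] if "ipv4Prefix" in p]


def subtract(goog_nets, cloud_nets):
    """Return goog minus cloud as a sorted, collapsed list of networks."""
    if not goog_nets or not cloud_nets:
        # Fail closed: an empty list means a fetch or parse failed, and an
        # empty cloud list would leave every goog range in the allow-list.
        raise ValueError("empty prefix list; refusing to build allow-list")
    remaining = list(ipaddress.collapse_addresses(goog_nets))
    for cloud in ipaddress.collapse_addresses(cloud_nets):
        kept = []
        for net in remaining:
            if not net.overlaps(cloud):
                kept.append(net)                         # untouched by this range
            elif net.subnet_of(cloud):
                continue                                 # fully covered: drop it
            else:
                kept.extend(net.address_exclude(cloud))  # carve the hole out
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))


def covers(nets, address):
    """True if any network in nets contains the address."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in nets)


if __name__ == "__main__":
    for net in subtract(ipv4_networks(GOOG), ipv4_networks(CLOUD)):
        print(net)
```

On the constructed input, the string-level difference would still allow 192.0.2.100, which sits inside a cloud prefix; the CIDR-aware result does not.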
    

  2. Those IP ranges you are sharing are for the Compute services per this documentation.

    I do not recall (and cannot find at the moment) that such lists exist for the storage services on GCP.

    But perhaps you can try to add a load balancer in front of the GCP bucket? In this case you can whitelist the IP of the load balancer. This documentation might help.
