aws-ip-ranges 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: c225665cec6c7205ff46219d77132011653a20cc5bfac94b3d74ad8ac9bbc424
+  data.tar.gz: be8c5ff22db519157d8a1d1d345a296347e0e307aa79ea2b2ef6f7784d7fd46c
+SHA512:
+  metadata.gz: 275c52bcda6397d5ec9dcb9852fe53856c1858b39379ef521c8c2ed2bd7eb8204556185dc13b4d81285ee9199e9ba7ea73f3088d091d3e44fbaaf1b29806e7fc
+  data.tar.gz: 443e52964abfa8b5a899542c84e7d869abe14909f21eba4315d977da68c7c6deedc1de136ab4893869beea1f82743d4e2540e758ca201ed4702838fcca033c46

data/.rubocop.yml

@@ -0,0 +1,22 @@
+AllCops:
+  TargetRubyVersion: 2.6
+  NewCops: enable
+
+Style/StringLiterals:
+  Enabled: true
+  EnforcedStyle: double_quotes
+
+Style/StringLiteralsInInterpolation:
+  Enabled: true
+  EnforcedStyle: double_quotes
+
+Layout/LineLength:
+  Max: 120
+
+Naming/FileName:
+  Exclude:
+    - lib/aws-ip-ranges.rb
+
+Metrics/ClassLength:
+  Exclude:
+    - test/**/*.rb

data/.tool-versions

@@ -0,0 +1 @@
+ruby 2.6.9

data/CHANGELOG.md

@@ -0,0 +1,4 @@
+## [Unreleased]
+
+- Add CLI and API to fetch and filter AWS IP ranges
+

data/Gemfile

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in aws-ip-ranges.gemspec
+gemspec
+
+gem "minitest", "~> 5.0"
+gem "rack", "~> 2.2"
+gem "rake", "~> 13.0"
+gem "rubocop", "~> 1.7"
+gem "sinatra", "~> 2.2"
+gem "webrick", "~> 1.7"
+
+gem "pry-byebug", "~> 3.9"

data/Gemfile.lock

@@ -0,0 +1,78 @@
+PATH
+  remote: .
+  specs:
+    aws-ip-ranges (0.1.0)
+      dry-cli (~> 0.7.0)
+      faraday (~> 2.0)
+      faraday-retry (~> 1.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    ast (2.4.2)
+    byebug (11.1.3)
+    coderay (1.1.3)
+    dry-cli (0.7.0)
+    faraday (2.2.0)
+      faraday-net_http (~> 2.0)
+      ruby2_keywords (>= 0.0.4)
+    faraday-net_http (2.0.1)
+    faraday-retry (1.0.3)
+    method_source (1.0.0)
+    minitest (5.15.0)
+    mustermann (1.1.1)
+      ruby2_keywords (~> 0.0.1)
+    parallel (1.22.1)
+    parser (3.1.1.0)
+      ast (~> 2.4.1)
+    pry (0.13.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    pry-byebug (3.9.0)
+      byebug (~> 11.0)
+      pry (~> 0.13.0)
+    rack (2.2.3)
+    rack-protection (2.2.0)
+      rack
+    rainbow (3.1.1)
+    rake (13.0.6)
+    regexp_parser (2.2.1)
+    rexml (3.2.5)
+    rubocop (1.26.1)
+      parallel (~> 1.10)
+      parser (>= 3.1.0.0)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml
+      rubocop-ast (>= 1.16.0, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.16.0)
+      parser (>= 3.1.1.0)
+    ruby-progressbar (1.11.0)
+    ruby2_keywords (0.0.5)
+    sinatra (2.2.0)
+      mustermann (~> 1.0)
+      rack (~> 2.2)
+      rack-protection (= 2.2.0)
+      tilt (~> 2.0)
+    tilt (2.0.10)
+    unicode-display_width (2.1.0)
+    webrick (1.7.0)
+
+PLATFORMS
+  x86_64-darwin-20
+  x86_64-linux
+
+DEPENDENCIES
+  aws-ip-ranges!
+  minitest (~> 5.0)
+  pry-byebug (~> 3.9)
+  rack (~> 2.2)
+  rake (~> 13.0)
+  rubocop (~> 1.7)
+  sinatra (~> 2.2)
+  webrick (~> 1.7)
+
+BUNDLED WITH
+   2.3.10

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2022 Happydemics
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,75 @@
+# `aws-ip-ranges`
+
+Retrieve AWS IP ranges with ease.
+
+## Installation
+
+Run:
+
+```sh
+gem install aws-ip-ranges
+```
+
+## Usage
+
+### Code
+
+```ruby
+AwsIpRanges.fetch(service: ['cloudfront', 's3']) # => [#<IPAddr: IPv4:3.2.34.0/255.255.255.192>,  #<IPAddr: IPv4:3.5.140.0/255.255.252.0>]
+AwsIpRanges.fetch(region: 'eu-west-3')
+AwsIpRanges.fetch(only_ipv4: true)
+AwsIpRanges.fetch(only_ipv6: true)
+```
+
+### CLI
+
+Execute:
+
+```sh
+$ aws-ip-ranges list
+35.172.155.192/27
+35.172.155.96/27
+44.192.134.240/28
+...
+2600:1f70:c000:400::/56
+```
+
+See the help for more usage:
+
+```sh
+Command:
+  aws-ip-ranges list
+
+Usage:
+  aws-ip-ranges list
+
+Description:
+  List all AWS IP ranges
+
+Options:
+  --[no-]only-ipv6                  # Whether to include only IPv6 ranges., default: false
+  --[no-]only-ipv4                  # Whether to include only IPv4 ranges., default: false
+  --service=VALUE1,VALUE2,..        # Which services to include. By default, includes all.
+  --region=VALUE1,VALUE2,..         # Which regions to include. By default, includes all.
+  --help, -h                        # Print this help
+
+Examples:
+  aws-ip-ranges list                                             # Prints all AWS IP ranges
+  aws-ip-ranges list --only-ipv4                                 # Prints all AWS IPv4 ranges
+  aws-ip-ranges list --only-ipv6 --service=cloudfront,global     # Prints AWS Cloudfront and Global IPv6 ranges
+  aws-ip-ranges list --only-ipv6 --service=s3 --region=eu-west-1 # Prints AWS S3 IPv6 ranges in the eu-west-1 region
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+We are not accepting outside contribution on this library at the moment.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList["test/**/*_test.rb"]
+end
+
+require "rubocop/rake_task"
+
+RuboCop::RakeTask.new
+
+task default: %i[test rubocop]

data/bin/console

@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "bundler/setup"
+require "aws/ip/ranges"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/exe/aws-ip-ranges

@@ -0,0 +1,71 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "dry/cli"
+
+require "aws_ip_ranges"
+
+module AwsIpRanges
+  module CLI
+    # rubocop:disable Style/Documentation
+    module Commands
+      extend Dry::CLI::Registry
+
+      class Version < Dry::CLI::Command
+        desc "Print version"
+
+        def call(*)
+          puts AwsIpRanges::VERSION
+        end
+      end
+
+      class List < Dry::CLI::Command
+        desc "List all AWS IP ranges"
+
+        option :only_ipv6, type: :boolean, default: false, desc: "Whether to include only IPv6 ranges."
+        option :only_ipv4, type: :boolean, default: false, desc: "Whether to include only IPv4 ranges."
+        option :service, type: :array, default: nil, desc: "Which services to include. By default, includes all."
+        option :region, type: :array, default: nil, desc: "Which regions to include. By default, includes all."
+
+        example [
+          "                                            # Prints all AWS IP ranges",
+          "--only-ipv4                                 # Prints all AWS IPv4 ranges",
+          "--only-ipv6 --service=cloudfront,global     # Prints AWS Cloudfront and Global IPv6 ranges",
+          "--only-ipv6 --service=s3 --region=eu-west-1 # Prints AWS S3 IPv6 ranges in the eu-west-1 region"
+        ]
+
+        def call(only_ipv6: nil, only_ipv4: nil, service: nil, region: nil, **)
+          check_ip_version(only_ipv4, only_ipv6)
+
+          base_url = ENV["AWS_IP_RANGE_HOST_URL"] || AwsIpRanges::DEFAULT_HOST_URL
+          ips = AwsIpRanges.fetch(only_ipv6: only_ipv6, only_ipv4: only_ipv4, service: service, region: region,
+                                  base_url: base_url)
+          ips.each do |ip|
+            puts "#{ip}/#{ip.prefix}"
+          end
+        rescue StandardError => e
+          error 2, "Failed to load IP ranges: #{e}"
+        end
+
+        private
+
+        def check_ip_version(only_ipv4, only_ipv6)
+          return if !only_ipv4 || !only_ipv6
+
+          error(1, '"aws-ip-ranges list" cannot be called with both --only-ipv4 and --only-ipv6 options')
+        end
+
+        def error(status, msg)
+          warn "ERROR: #{msg}"
+          exit status
+        end
+      end
+
+      register "version", Version, aliases: ["v", "-v", "--version"]
+      register "list",    List
+    end
+    # rubocop:enable Style/Documentation
+  end
+end
+
+Dry::CLI.new(AwsIpRanges::CLI::Commands).call

data/lib/aws-ip-ranges.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require "aws_ip_ranges"

data/lib/aws_ip_ranges/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module AwsIpRanges
+  VERSION = "0.1.0"
+end

data/lib/aws_ip_ranges.rb

@@ -0,0 +1,82 @@
+# frozen_string_literal: true
+
+require "faraday"
+require "faraday/net_http"
+require "faraday/retry"
+
+require "aws_ip_ranges/version"
+
+Faraday.default_adapter = :net_http
+
+#
+# Retrieves the IP ranges from AWS.
+#
+module AwsIpRanges
+  DEFAULT_HOST_URL = "https://ip-ranges.amazonaws.com/"
+
+  class << self
+    #
+    # Fetches the latest list of IP ranges from AWS.
+    #
+    # @param [true,false] only_ipv6 whether to return only IP v6 ranges. Defaults to `false`.
+    # @param [true,false] only_ipv4 whether to return only IP v4 ranges. Defaults to `false`.
+    # @param [Array<String>,String] region a list of region to filter the ip ranges.
+    # @param [Array<String>,String] service a list of services to filter the ip ranges.
+    #
+    # @return [Array<IPAddr>] a list of IP ranges from AWS services.
+    #
+    def fetch(only_ipv6: false, only_ipv4: false, region: nil, service: nil, base_url: DEFAULT_HOST_URL)
+      ip_ranges = fetch_ip_ranges(base_url, only_ipv6: only_ipv6, only_ipv4: only_ipv4)
+      ip_ranges = filter_by_region(ip_ranges, region)
+      ip_ranges = filter_by_service(ip_ranges, service)
+      ip_ranges.map do |ip_range|
+        IPAddr.new(ip_range["ip_prefix"])
+      end
+    end
+
+    private
+
+    def fetch_ip_ranges(base_url, only_ipv6:, only_ipv4:)
+      resp = http_client(base_url).get("/ip-ranges.json")
+      aws_ip_ranges_config = JSON.parse(resp.body)
+
+      ip_ranges = []
+      ip_ranges.concat(aws_ip_ranges_config["prefixes"]) if only_ipv4 || !only_ipv6
+      ip_ranges.concat(map_ipv6(aws_ip_ranges_config["ipv6_prefixes"])) if only_ipv6 || !only_ipv4
+      ip_ranges
+    end
+
+    def filter_by_region(ips, regions)
+      filter_by_key(ips, "region", regions)
+    end
+
+    def filter_by_service(ips, services)
+      filter_by_key(ips, "service", services)
+    end
+
+    def filter_by_key(ips, key, values)
+      return ips if values.nil?
+
+      values = Array(values)
+      values = values.map(&:downcase)
+      ips.filter { |config| values.include?(config[key].downcase) }
+    end
+
+    def map_ipv6(prefixes)
+      prefixes.each { |prefix| prefix["ip_prefix"] = prefix.delete("ipv6_prefix") }
+    end
+
+    def http_client(base_url)
+      Faraday.new(url: base_url) do |faraday|
+        faraday.options.timeout = 10
+        faraday.request  :retry,
+                         max: 5,
+                         interval: 1,
+                         interval_randomness: 0.5,
+                         backoff_factor: 2
+        faraday.response :raise_error
+        faraday.adapter Faraday.default_adapter
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,104 @@
+--- !ruby/object:Gem::Specification
+name: aws-ip-ranges
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Yohan Robert
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2022-10-11 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: dry-cli
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.7.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.7.0
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: faraday-retry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+description: Retrieve AWS IP ranges with ease.
+email:
+- yohan.robert@happydemics.com
+executables:
+- aws-ip-ranges
+extensions: []
+extra_rdoc_files: []
+files:
+- ".rubocop.yml"
+- ".tool-versions"
+- CHANGELOG.md
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- exe/aws-ip-ranges
+- lib/aws-ip-ranges.rb
+- lib/aws_ip_ranges.rb
+- lib/aws_ip_ranges/version.rb
+homepage: https://github.com/happydemics/aws-ip-ranges
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/happydemics/aws-ip-ranges
+  source_code_uri: https://github.com/happydemics/aws-ip-ranges
+  changelog_uri: https://github.com/happydemics/aws-ip-ranges/tree/master/CHANGELOG.md
+  rubygems_mfa_required: 'true'
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.6.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3.1
+signing_key:
+specification_version: 4
+summary: Retrieve AWS IP ranges with ease.
+test_files: []