Obtaining AWS IP ranges to enable proxy and firewall configuration

Depending on your company's infrastructure configuration, the on-prem components may or may not go through a proxy/firewall to reach your pod.

When your organizations internal IT team uses a static IP in the proxy/firewall setting to allow traffic directly to your pod, sometimes there has been an issue due to Amazon Web Services (AWS) performing automatic scaling on their side, which will assign/remove an IP from the ELB dynamically. 

Note: Because the set of IP addresses associated with a Load Balancer can change over time, you should never create an 'A' record with any specific IP address. If you want to use a friendly DNS name for your load balancer instead of the name generated by the ELB service, you should create a CNAME record for the Load Balancer DNS name, or use Amazon Route 53 to create a hosted zone. Further information on using domain names with ELB can be found here.
 
Note: Symphony have no control over AWS regarding their scaling.
 
In the event that your company does use a static IP in the proxy/firewall settings, you may want to use the steps below to find the IP ranges for your pod. To find which AWS region your pod is located or what the IP is used by your pod in the ELB currently, you can use the following NSLOOKUP command (Figure 1):
nslookup <POD NAME>.symphony.com

Server:  USPA-DC03.companyabc.symphony.com

Address:  AAA.BBB.CCC.DDD

Non-authoritative answer:

Name:    XXXXXXXXXXXXXXXXXXXX.us-east-1.elb.amazonaws.com

Addresses:  AAA.BBB.CCC.DDD

          AAA.BBB.CCC.DDD

          AAA.BBB.CCC.DDD

Aliases:  <POD NAME>.symphony.com
Figure 1 Command

In the above example, the region name is US-East-1
 
If that is the case, you may want to check with your internal IT team to review the AWS IP address range for the US-East-1 region by using the following URL:

https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html

As there are many IP address which AWS holds - it was best advised to filter for the specific IP address - there were approximately 251 IP address for the US-East-1 region.

You will also be able to filter for the IP address by using the following URL:

https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html#filter-json-file
 
You can use the following URL tool, to calculate the IP range and its netmask (supernet) address:
 
 
Here, the IP netmask (supernet) for 34.199.96.10 will give you the IP and netmask of 34.192.0.0/12. This will cover the range from 34.192.0.1 to 34.207.255.254 (Figure 2):

mceclip1.png
Figure 2 IP details
 
If you require further assistance regarding this, please contact the Symphony Support team at support@symphony.com