Obtaining AWS IP ranges to enable proxy and firewall configuration

Depending on your company's infrastructure setup, the on-premises components may or may not go through a proxy/firewall to reach the Symphony pod.

We have seen previous cases where the customer's own network team use a static IP in the proxy/firewall settings, to allow traffic directly to the Symphony pod. However, static IP's provide an issue at this point due to AWS performing automatic scaling on their side, which will assign/remove IP from the ELB dynamically. 
 
Note: Quoted from AWS support documents: Because the set of IP addresses associated with a LoadBalancer can change over time, you should never create an 'A' record with any specific IP address. If you want to use a friendly DNS name for your load balancer instead of the name generated by the Elastic Load Balancing service, you should create a CNAME record for the LoadBalancer DNS name, or use Amazon Route 53 to create a hosted zone. For more information, see Using Domain Names With Elastic Load Balancing
 
Note: Symphony have no control over AWS regarding their scaling, therefore Symphony is unable to notify you beforehand
 
In the event that your company does use static IP in the proxy/firewall settings, you may want to refer to the below steps to find the IP ranges for your pod. To find which AWS region your pod is located or what the IP is used by your pod in the ELB currently, you can use the following NSLOOKUP command: 

nslookup <POD NAME>.symphony.com

Server:  USPA-DC03.corp.symphony.com

Address:  AAA.BBB.CCC.DDD

 

Non-authoritative answer:

Name:    XXXXXXXXXXXXXXXXXXXX.us-east-1.elb.amazonaws.com

Addresses:  AAA.BBB.CCC.DDD

          AAA.BBB.CCC.DDD

          AAA.BBB.CCC.DDD

Aliases:  <POD NAME>.symphony.com

In the above example, the region name is US-East-1
 
If that is the case, you may want to check with your network team to review the AWS IP address range for the US-East-1 region by using the following URL:

https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html

As there are many IP address which AWS holds - it was best advised to filter for the specific IP address - there were approximately 251 IP address for the US-East-1 region.

You will also be able to filter for the IP address using the following URL:
https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html#filter-json-file
 
You can use the following URL tool, to calculate the IP range and its netmask (supernet) address:
 
 
Here, the IP netmask (supernet) for 34.199.96.10 will give you the IP and netmask of 34.192.0.0/12. This will cover the range from 34.192.0.1 to 34.207.255.254 (Figure 1):


Figure 1 IP Details
 
If you require further assistance regarding this, please contact the Symphony Support team at support@symphony.com