generate AWS CloudFront IP/CIDR range

gen_cf_cidr.py

#!/usr/bin/env python

import requests, json

d = requests.get('https://ip-ranges.amazonaws.com/ip-ranges.json').text
l = json.loads(d)
for ip_range in [x['ip_prefix'] for x in l['prefixes'] if x['service']=='CLOUDFRONT' ]:
        print ip_range

        # your vpc subnet where ELB resides in
        set_real_ip_from  10.0.0.0/8;
        # AWS CloudFront IP/CIDR range
        # see https://gist.github.com/pahud/224d2ff8139252a372a4c1282b90db73
        # and https://www.jayway.com/2014/03/28/how-to-get-the-client-ip-when-using-cloudfront-and-nginx/
        set_real_ip_from 52.84.0.0/15;
        set_real_ip_from 54.182.0.0/16;
        set_real_ip_from 54.192.0.0/16;
        set_real_ip_from 54.230.0.0/16;
        set_real_ip_from 54.239.128.0/18;
        set_real_ip_from 54.239.192.0/19;
        set_real_ip_from 54.240.128.0/18;
        set_real_ip_from 204.246.164.0/22;
        set_real_ip_from 204.246.168.0/22;
        set_real_ip_from 204.246.174.0/23;
        set_real_ip_from 204.246.176.0/20;
        set_real_ip_from 205.251.192.0/19;
        set_real_ip_from 205.251.249.0/24;
        set_real_ip_from 205.251.250.0/23;
        set_real_ip_from 205.251.252.0/23;
        set_real_ip_from 205.251.254.0/24;
        set_real_ip_from 216.137.32.0/19;
        # always put the following 2 lines in the bottom of ip list
        real_ip_header X-Forwarded-For;
        real_ip_recursive on;

[HOWTO] Get real IP coming via AWS CloudFront and ELB to nginx — Medium - https://medium.com/@pahud/get-real-ip-coming-via-aws-cloudfront-and-elb-to-nginx-d418e5070976