Ubuntu, iptables
sudo apt install jq wget
wget https://raw.githubusercontent.com/corbanworks/aws-blocker/master/aws-blocker
chmod +x aws-blocker
wget https://ip-ranges.amazonaws.com/ip-ranges.json
sudo ./aws-blocker < ip-ranges.json
To deactivate the block, flush the AWS chain:
sudo iptables -F AWS
Amazon's IP ranges change frequently.
Since the list is hosted on Amazon, the block has to be deactivated before the list can be updated:
sudo iptables -F AWS
rm ip-ranges.json
wget https://ip-ranges.amazonaws.com/ip-ranges.json
sudo ./aws-blocker < ip-ranges.json
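The update steps above as one script, added here as an example (it is not part of aws-blocker). It downloads to a temporary file and keeps the previous ip-ranges.json when the download fails or is not a usable list, so an empty file or an error page is never fed to aws-blocker. The names ranges_ok and update_aws_block and the --apply argument are made up for this example; it assumes aws-blocker and ip-ranges.json sit in the current directory.

```shell
#!/bin/sh
# Added example: refresh the AWS block and fall back to the old list on a bad download.
# Assumption: aws-blocker and the previous ip-ranges.json are in the current directory.

RANGES_URL="https://ip-ranges.amazonaws.com/ip-ranges.json"

# Succeeds only if the file looks like a usable ip-ranges.json.
# Uses jq (installed in the first step); falls back to grep where jq is missing.
ranges_ok() {
    [ -s "$1" ] || return 1                     # missing or empty file
    if command -v jq >/dev/null 2>&1; then
        jq -e '(.prefixes | length) > 0' "$1" >/dev/null 2>&1
    else
        grep -q '"ip_prefix"' "$1"
    fi
}

update_aws_block() {
    new=$(mktemp) || return 1
    sudo iptables -F AWS                        # deactivate so the download can reach Amazon
    if wget -q -O "$new" "$RANGES_URL" && ranges_ok "$new"; then
        mv "$new" ip-ranges.json                # replace the list only once it has been checked
    else
        echo "download failed or list unusable; re-applying previous ip-ranges.json" >&2
        rm -f "$new"
    fi
    if [ ! -s ip-ranges.json ]; then
        echo "no ip-ranges.json to apply; the AWS chain is left empty" >&2
        return 1
    fi
    sudo ./aws-blocker < ip-ranges.json         # re-activate with the new or the old list
}

# Only touch iptables when explicitly asked to: ./update-aws-block.sh --apply
if [ "${1:-}" = "--apply" ]; then
    update_aws_block
fi
```

Run it with --apply from cron or a systemd timer to keep the list current without a window where a failed download leaves the chain flushed.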
If you want to allow a specific Amazon IP (or set of IPs), edit aws-blocker and, as the last line of the function
function create_and_flush_chain() {
add one line per exception:
iptables -A AWS -s ip.to.allow.anyway -j ACCEPT