Block all AWS traffic to a server

AWS servers are cheap and plentiful. Unfortunately this makes them the frequent source of screen scrapers. My servers aren’t running on AWS, and there isn’t any legitimate reason for an AWS server to be talking to my servers, so I decided to just block all AWS traffic.

You can get my AWS Blocker bash script on GitHub. It is free and public domain.

Amazon publishes a list of AWS IP ranges in JSON format. The bash script uses curl to download this file, then jq to parse it. It then adds each range to iptables, rejecting any connections made from an AWS IP.

The script is safe to run as many times as you want, and it only takes a few seconds. The AWS rules are put in their own chain, and that chain is flushed before the new rules are added, so re-running it never stacks up duplicates. I'd recommend running the script as a cron job so the rules track Amazon's published ranges.
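Here is the same procedure as an added example in Python rather than bash/jq (this is not the script from the post): it downloads ip-ranges.json, de-duplicates the prefixes (the same prefix is listed once per service), flushes a dedicated chain and repopulates it with REJECT rules, and hooks the chain into INPUT only once. The chain name AWS_BLOCK and the embedded sample data are constructed for illustration; the field names ip_prefix, ipv6_prefix, region and service are the ones Amazon's file uses.

```python
import json
import subprocess
import urllib.request

AWS_RANGES_URL = "https://ip-ranges.amazonaws.com/ip-ranges.json"
CHAIN = "AWS_BLOCK"  # dedicated chain (assumed name): flushed and rebuilt on every run

# Constructed sample in the shape of Amazon's file (not real AWS ranges).
SAMPLE_RANGES = json.dumps({"prefixes": [
    {"ip_prefix": "203.0.113.0/24", "region": "us-east-1", "service": "AMAZON"},
    {"ip_prefix": "203.0.113.0/24", "region": "us-east-1", "service": "EC2"},
    {"ip_prefix": "198.51.100.0/25", "region": "eu-west-1", "service": "AMAZON"}],
    "ipv6_prefixes": [
    {"ipv6_prefix": "2001:db8::/32", "region": "us-east-1", "service": "AMAZON"}]})

def fetch_ranges(url=AWS_RANGES_URL):
    """Download the published list (the curl step of the original script)."""
    with urllib.request.urlopen(url, timeout=30) as resp:
        return resp.read().decode()

def parse_prefixes(raw):
    """Return (ipv4, ipv6) prefix lists, de-duplicated (one entry per service) and sorted."""
    data = json.loads(raw)
    v4 = sorted({p["ip_prefix"] for p in data.get("prefixes", [])})
    v6 = sorted({p["ipv6_prefix"] for p in data.get("ipv6_prefixes", [])})
    return v4, v6

def build_rules(tool, prefixes):
    """Flush the chain, then one REJECT rule per prefix; the whole sequence is idempotent."""
    rules = [[tool, "-F", CHAIN]]
    for prefix in prefixes:
        rules.append([tool, "-A", CHAIN, "-s", prefix, "-j", "REJECT"])
    return rules

def apply_rules(raw, run=subprocess.run):
    """Create each family's chain if needed, jump to it first in INPUT exactly once, install rules."""
    v4, v6 = parse_prefixes(raw)
    applied = 0
    for tool, prefixes in (("iptables", v4), ("ip6tables", v6)):
        run([tool, "-N", CHAIN], stderr=subprocess.DEVNULL)  # non-zero if it already exists: fine
        # -C checks whether the jump is already present (needs iptables >= 1.4.11)
        if run([tool, "-C", "INPUT", "-j", CHAIN], stderr=subprocess.DEVNULL).returncode != 0:
            run([tool, "-I", "INPUT", "1", "-j", CHAIN], check=True)
        for cmd in build_rules(tool, prefixes):
            run(cmd, check=True)
            applied += 1
    return applied

if __name__ == "__main__":  # needs root; pass SAMPLE_RANGES and a fake `run` for a dry run
    print("installed", apply_rules(fetch_ranges()), "rules")
```

The `run` parameter is injectable so the rule sequence can be inspected without root, which is also how you would unit-test it before putting it in cron.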


  1. Thanks for this. Recently bad bots from Amazon had started randomly flooding and overwhelming my server. Will be interesting to see how much the normal load is reduced by…

  2. I always get “compile errors” with this script.

    error: join is not defined
    [ .ipv6_prefixes[] ] | group_by(.ipv6_prefix) | map({ "ip": .[0].ipv6_prefix, "regions": map(.region) | unique, "services": map(.service) | unique }) | .[] | .ip + " \"" + (.regions | sort | join(", ")) + "\" \"" + (.services | sort | join(", ")) + "\""

    I get several – every instance of “join” returns the compile error. CentOS 6. Been looking into it and can’t see what’s wrong – the script is being run as-is.

    • Hi Tony, I get the same error on Ubuntu, and it works on a different machine. Did you find a solution?
