Block all AWS traffic to a server

Jacob Allred
#web-dev

AWS servers are cheap and plentiful. Unfortunately, this also makes them a frequent source of screen scrapers. My servers aren’t running on AWS, and there isn’t any legitimate reason for an AWS server to be talking to my servers, so I decided to just block all AWS traffic.

You can get my AWS Blocker bash script on GitHub. It is free and public domain.

Amazon publishes a list of AWS IP ranges in JSON format. The bash script uses curl to download this file, then jq to parse it. It then adds each range to iptables, rejecting any connections made from an AWS IP.

The script is safe to run as many times as you want, and it only takes a few seconds. The AWS rules are put in their own chain, and the chain is flushed before the rules are re-added, so repeated runs never duplicate rules. I’d recommend running the script as a cron job.
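The same approach in Python, as an added example that is not the author's script: it parses the ip-ranges.json document, deduplicates and merges the prefixes (the real file repeats a prefix under several services), and emits the iptables commands for a dedicated chain that is flushed before the rules are re-added. The chain name `AWS-BLOCK` and the embedded sample document are assumptions; the URL is Amazon's published range list.

```python
#!/usr/bin/env python3
# Added example, not the author's script: same approach as the page (download
# Amazon's ip-ranges.json, parse it, keep REJECT rules in their own chain that
# is flushed on every run), but it emits the iptables commands for review.
import json
import sys
import urllib.request
from ipaddress import collapse_addresses, ip_network

AWS_RANGES_URL = "https://ip-ranges.amazonaws.com/ip-ranges.json"
CHAIN = "AWS-BLOCK"  # assumed chain name, not taken from the page

# Constructed sample in the shape of ip-ranges.json (TEST-NET addresses). The
# real file lists the same prefix under several services, so dedup matters.
SAMPLE_DOC = {
    "syncToken": "0",
    "prefixes": [
        {"ip_prefix": "203.0.113.0/25", "region": "us-east-1", "service": "EC2"},
        {"ip_prefix": "203.0.113.0/25", "region": "us-east-1", "service": "AMAZON"},
        {"ip_prefix": "203.0.113.128/25", "region": "us-east-1", "service": "EC2"},
        {"ip_prefix": "198.51.100.0/24", "region": "eu-west-1", "service": "EC2"},
    ],
    "ipv6_prefixes": [],
}

def extract_prefixes(doc):
    """IPv4 prefixes from an ip-ranges.json document, deduplicated and merged
    where adjacent (203.0.113.0/25 + 203.0.113.128/25 -> 203.0.113.0/24)."""
    nets = {ip_network(p["ip_prefix"]) for p in doc.get("prefixes", [])}
    return [str(n) for n in collapse_addresses(nets)]

def build_rules(prefixes, chain=CHAIN):
    """Create the chain if missing, flush it so re-runs never duplicate rules,
    add one REJECT per prefix, and hook the chain into INPUT exactly once."""
    rules = [f"iptables -N {chain} 2>/dev/null || true", f"iptables -F {chain}"]
    rules += [f"iptables -A {chain} -s {p} -j REJECT" for p in prefixes]
    rules.append(f"iptables -C INPUT -j {chain} 2>/dev/null || iptables -I INPUT -j {chain}")
    return rules

def fetch_ranges(url=AWS_RANGES_URL):
    """Download the current AWS range list (the page's curl step)."""
    with urllib.request.urlopen(url, timeout=30) as resp:
        return json.load(resp)

if __name__ == "__main__":
    # `--sample` uses the embedded document so the script runs offline.
    doc = SAMPLE_DOC if "--sample" in sys.argv else fetch_ranges()
    print("\n".join(build_rules(extract_prefixes(doc))))
```

Review the generated commands before piping them into a root shell; anything you rely on that happens to be hosted on AWS (uptime monitors, webhook senders) will be rejected along with the scrapers.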