Skip to content
Samples for use of AWS CloudFront, including Lambda functions, and SDK usage examples.
Branch: master
Clone or download
rarylson and baldwinmatt Allow using custom tags in the security groups
Using a custom tag may be useful if we're already using the default
tags for other things. For example, if we're already using the tag
'Name' for cost allocation, or using the tag 'AutoUpdate' to update
packages via AWS Systems Manager.

To use a different (custom) tag, just set the corresponding environments

For example, you can set:


And then tag your security groups using the tags `X-Name`, `X-AutoUpdate` and
Latest commit cc25101 Nov 18, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
LICENSE Initial commit Oct 20, 2015
NOTICE.txt Updated Lambda to properly handle the increasing number of CIDR range… Jun 4, 2018 Fix typo in Readme Aug 12, 2019


Samples for use of Amazon CloudFront, including Lambda functions, and SDK usage examples.


This AWS Lambda function is written in Python and can be used to automatically update EC2 security group ingress rules when CloudFront IP ranges change.

By subscribing this function to the SNS topic AmazonIpSpaceChanged your security groups that are properly tagged will be updated accordingly.

For more information on ip-ranges.json, read the documentation on AWS IP Address Ranges.

Copyright 2018, Inc. or its affiliates. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at

or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

You can’t perform that action at this time.