Amazon publishes a list of the IP addresses they control here: https://ip-ranges.amazonaws.com/ip-ranges.json . What follows is a way to prevent yourself / the websites you visit from reaching out to AWS machines. Spoiler alert: The internet becomes pretty unusable. For Linux see: https://github.com/corbanworks/aws-blocker
This is for OSX - specifically using their builtin packet filter PF. You will also need a JSON processor called JQ. I used Homebrew to install it
xcode-select --installruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"brew install jq
- Clone this repository
cd fuck-off-aws/scriptschmod +x build.sh start-blocking.sh stop.sh- create or edit the file:
/etc/pf.conf, and add this line to the end of it:block out log from any to <aws> sudo ./build.sh<- all scripts must be run as a superuser :(. This script will find the most recent list of Amazon IPs, and set up a filter using PF to block and log all traffic from your machine to those IP addresses. This will also block any third party content, images, or fonts that are served by AWS.
sudo ./start-blocking.sh<- this will enable your packet filter. It will also log all blocked traffic to an interface, and read those packets using tcpdump. To log to a file runsudo start-blocking.sh > log.txtsudo ./stop.sh<- will disable your packet filter.
Even when you stop running the start-blocking.sh you will need to run the sudo ./stop.sh command to fully disable the filter.
Also this was adapted from https://github.com/corbanworks/aws-blocker/blob/master/aws-blocker
vpn-server.shis meant to be run on a VPN server. This will block all connected clients' requests to aws