# AWS IP address ranges
<a name="aws-ip-ranges"></a>

AWS publishes its current IP address ranges in JSON format. With this information, you can identify traffic from AWS. You can also use this information to allow or deny traffic to or from some AWS services.

**Considerations**
+ We publish the IP address ranges for services that customers commonly use to perform egress filtering. We don't publish the IP address ranges for all services.
+ Services use their IP address ranges to communicate with other services or to communicate with a customer network.
+ The IP address ranges that you bring to AWS through bring your own IP addresses (BYOIP) are not included in the `.json` file. For more information, see [Advertise your address range through AWS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/byoip-onboard.html#byoip-advertise) in the *Amazon EC2 User Guide*.

Some services publish their address ranges using AWS-managed prefix lists. For more information, see [Available AWS-managed prefix lists](working-with-aws-managed-prefix-lists.md#available-aws-managed-prefix-lists).

**Topics**
+ [Download](#aws-ip-download)
+ [

## Egress control
](#aws-ip-egress-control)
+ [

## Geolocation feed
](#aws-ip-geo-ip-feed)
+ [Find address ranges](aws-ip-work-with.md)
+ [Syntax](aws-ip-syntax.md)
+ [Subscribe to notifications](subscribe-notifications.md)

## Download the JSON file
<a name="aws-ip-download"></a>

To view the current address ranges, download [ip-ranges.json](https://ip-ranges.amazonaws.com/ip-ranges.json). To maintain history, save successive versions of the JSON file on your own computer. To determine whether there have been changes since the last time that you saved the file, check the publication time in the current file and compare it to the publication time in the last file that you saved.

The following is an example **curl** command that saves the JSON file to the current directory.

```
curl -O https://ip-ranges.amazonaws.com/ip-ranges.json
```

If you access this file programmatically, it is your responsibility to ensure that the application downloads the file only after successfully verifying the TLS certificate presented by the server.

To receive notifications of updates to the JSON file, see [AWS IP address ranges notifications](subscribe-notifications.md).

## Egress control
<a name="aws-ip-egress-control"></a>

To allow resources you've created with one AWS service to only access other AWS services, you can use the IP address range information in the ip-ranges.json file to perform egress filtering. Ensure that the security group rules allow outbound traffic to the CIDR blocks in the AMAZON list. There are [quotas for security groups](amazon-vpc-limits.md#vpc-limits-security-groups). Depending on the number of IP address ranges in each Region, you might need multiple security groups per Region.

**Note**  
Some AWS services are built on EC2 and use EC2 IP address space. If you block traffic to EC2 IP address space, you block traffic to these non-EC2 services as well.

## Geolocation feed
<a name="aws-ip-geo-ip-feed"></a>

The IP address ranges in `ip-ranges.json` are by AWS Region. However, a Local Zone is not in the same physical location as its parent Region. The geolocation data published in [geo-ip-feed.csv](https://ip-ranges.amazonaws.com/geo-ip-feed.csv) accounts for Local Zones. The data follows [RFC 8805](https://datatracker.ietf.org/doc/html/rfc8805).

# Find the IP address ranges for AWS services
<a name="aws-ip-work-with"></a>

The AWS IP address range JSON file provided by AWS can be a valuable resource for finding the IP addresses of various AWS services and leveraging that information to enhance your network security and access control. By parsing the detailed data contained within this JSON file, you can precisely identify the IP address ranges associated with specific AWS services and Regions.

For example, you can utilize the IP address ranges to configure robust network security policies, setting up granular firewall rules to allow or deny access to certain AWS resources. This information can also be useful for a variety of AWS Network Firewall tasks. This level of control is crucial for protecting your applications and data, ensuring that only authorized traffic can reach the necessary AWS services. Additionally, having this IP intelligence can help you ensure your applications are properly configured to communicate with the right AWS endpoints, improving overall reliability and performance. 

Beyond just firewall rules, the `ip-ranges.json` file can also be leveraged to configure sophisticated egress filtering on your network infrastructure. By understanding the destination IP address ranges for different AWS services, you can set up routing policies or leverage advanced network security solutions like to selectively permit or block outbound traffic based on its intended destination. This egress control is essential for mitigating the risk of data leakage and unauthorized access.

It's important to note that the `ip-ranges.json` file is regularly updated, so maintaining an up-to-date local copy is crucial to ensure you have the most accurate and current information. By continuously leveraging the contents of this file, you can efficiently manage network access and security for your AWS-based applications, strengthening your overall cloud security posture.

The following examples can help you filter the AWS IP address ranges to just what you are looking for. On Linux, you can download and use the [the jq tool](https://stedolan.github.io/jq/) to parse a local copy of the JSON file. The [AWS Tools for Windows PowerShell](https://docs.aws.amazon.com/powershell/latest/userguide/) includes a cmdlet, [Get-AWSPublicIpAddressRange](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-AWSPublicIpAddressRange.html), that you can use to parse this JSON file. For more information, see the following blog: [Querying the Public IP Address Ranges for AWS](https://aws.amazon.com/blogs/developer/querying-the-public-ip-address-ranges-for-aws/).

To get the JSON file, see [Download the JSON file](aws-ip-ranges.md#aws-ip-download). For more information about the syntax of the JSON file, see [Syntax for AWS IP address range JSON](aws-ip-syntax.md).

**Topics**
+ [

## Get the file creation date
](#filter-ip-ranges-creation-date)
+ [

## Get the IP addresses for a specific Region
](#filter-ip-ranges-region)
+ [

## Get all IPv4 addresses
](#filter-ip-ranges-ipv4)
+ [

## Get all IPv4 addresses for a specific service
](#filter-ip-ranges-ipv4-service)
+ [

## Get all IPv4 addresses for a specific service in a specific Region
](#filter-ip-ranges-ipv4-service-region)
+ [

## Get all IPv6 addresses
](#filter-ip-ranges-ipv6)
+ [

## Get all IPv6 addresses for a specific service
](#filter-ip-ranges-ipv6-service)
+ [

## Get all IP addresses for a specific border group
](#filter-ip-ranges-border-group)

## Get the file creation date
<a name="filter-ip-ranges-creation-date"></a>

The following example gets the creation date of `ip-ranges.json`.

------
#### [ jq ]

```
$ jq .createDate < ip-ranges.json

"2024-08-01-17-22-15"
```

------
#### [ PowerShell ]

```
PS C:\> Get-AWSPublicIpAddressRange -OutputPublicationDate

Thursday, August 1, 2024 9:22:35 PM
```

------

## Get the IP addresses for a specific Region
<a name="filter-ip-ranges-region"></a>

The following example filters the JSON file for the IP addresses for the specified Region.

------
#### [ jq ]

```
$ jq '.prefixes[] | select(.region=="us-east-1")' < ip-ranges.json

{
  "ip_prefix": "23.20.0.0/14",
  "region": "us-east-1",
  "network_border_group": "us-east-1",
  "service": "AMAZON"
},
{
  "ip_prefix": "50.16.0.0/15",
  "region": "us-east-1",
  "network_border_group": "us-east-1",
  "service": "AMAZON"
},
{
  "ip_prefix": "50.19.0.0/16",
  "region": "us-east-1",
  "network_border_group": "us-east-1",
  "service": "AMAZON"
},
...
```

------
#### [ PowerShell ]

```
PS C:\> Get-AWSPublicIpAddressRange -Region us-east-1

IpPrefix        Region      NetworkBorderGroup         Service
--------        ------       -------                   -------
23.20.0.0/14    us-east-1    us-east-1                 AMAZON
50.16.0.0/15    us-east-1    us-east-1                 AMAZON
50.19.0.0/16    us-east-1    us-east-1                 AMAZON
...
```

------

## Get all IPv4 addresses
<a name="filter-ip-ranges-ipv4"></a>

The following example filters the JSON file for the IPv4 addresses.

------
#### [ jq ]

```
$ jq -r '.prefixes | .[].ip_prefix' < ip-ranges.json

23.20.0.0/14
27.0.0.0/22
43.250.192.0/24
...
```

------
#### [ PowerShell ]

```
PS C:\> Get-AWSPublicIpAddressRange | where {$_.IpAddressFormat -eq "Ipv4"} | select IpPrefix

IpPrefix
--------
23.20.0.0/14
27.0.0.0/22
43.250.192.0/24
...
```

------

## Get all IPv4 addresses for a specific service
<a name="filter-ip-ranges-ipv4-service"></a>

The following example filters the JSON file for the IPv4 addresses for the specified service.

------
#### [ jq ]

```
$ jq -r '.prefixes[] | select(.service=="GLOBALACCELERATOR") | .ip_prefix' < ip-ranges.json

13.248.117.0/24
15.197.34.0/23
15.197.36.0/22
...
```

------
#### [ PowerShell ]

```
PS C:\> Get-AWSPublicIpAddressRange -ServiceKey GLOBALACCELERATOR | where {$_.IpAddressFormat -eq "Ipv4"} | select IpPrefix

IpPrefix
--------
13.248.117.0/24
15.197.34.0/23
15.197.36.0/22
...
```

------

## Get all IPv4 addresses for a specific service in a specific Region
<a name="filter-ip-ranges-ipv4-service-region"></a>

The following example filters the JSON file for the IPv4 addresses for the specified service in the specified Region.

------
#### [ jq ]

```
$ jq -r '.prefixes[] | select(.region=="us-east-1") | select(.service=="GLOBALACCELERATOR") | .ip_prefix' < ip-ranges.json

13.248.124.0/24
99.82.166.0/24
99.82.171.0/24
...
```

------
#### [ PowerShell ]

```
PS C:\> Get-AWSPublicIpAddressRange -Region us-east-1 -ServiceKey GLOBALACCELERATOR | where {$_.IpAddressFormat -eq "Ipv4"} | select IpPrefix

IpPrefix
--------
13.248.117.0/24
99.82.166.0/24
99.82.171.0/24
...
```

------

## Get all IPv6 addresses
<a name="filter-ip-ranges-ipv6"></a>

The following example filters the JSON file for the IPv6 addresses.

------
#### [ jq ]

```
$ jq -r '.ipv6_prefixes | .[].ipv6_prefix' < ip-ranges.json

2a05:d07c:2000::/40
2a05:d000:8000::/40
2406:dafe:2000::/40
...
```

------
#### [ PowerShell ]

```
PS C:\> Get-AWSPublicIpAddressRange | where {$_.IpAddressFormat -eq "Ipv6"} | select IpPrefix

IpPrefix
--------
2a05:d07c:2000::/40
2a05:d000:8000::/40
2406:dafe:2000::/40
...
```

------

## Get all IPv6 addresses for a specific service
<a name="filter-ip-ranges-ipv6-service"></a>

The following example filters the JSON file for the IPv6 addresses for the specified service.

------
#### [ jq ]

```
$ jq -r '.ipv6_prefixes[] | select(.service=="GLOBALACCELERATOR") | .ipv6_prefix' < ip-ranges.json
                            
2600:1f01:4874::/47
2600:1f01:4802::/47
2600:1f01:4860::/47
2600:9000:a800::/40
...
```

------
#### [ PowerShell ]

```
PS C:\> Get-AWSPublicIpAddressRange -ServiceKey GLOBALACCELERATOR | where {$_.IpAddressFormat -eq "Ipv6"} | select IpPrefix

IpPrefix
--------
2600:1f01:4874::/47
2600:1f01:4802::/47
2600:1f01:4860::/47
2600:9000:a800::/40
...
```

------

## Get all IP addresses for a specific border group
<a name="filter-ip-ranges-border-group"></a>

The following example filters the JSON file for all IP addresses for the specified border group.

------
#### [ jq ]

```
$ jq -r '.prefixes[] | select(.network_border_group=="us-west-2-lax-1") | .ip_prefix' < ip-ranges.json
70.224.192.0/18
52.95.230.0/24
15.253.0.0/16
...
```

------
#### [ PowerShell ]

```
PS C:\> Get-AWSPublicIpAddressRange | where {$_.NetworkBorderGroup -eq "us-west-2-lax-1"} | select IpPrefix

IpPrefix
--------
70.224.192.0/18
52.95.230.0/24
15.253.0.0/16
...
```

------

# Syntax for AWS IP address range JSON
<a name="aws-ip-syntax"></a>

AWS publishes its current IP address ranges in JSON format. To get the JSON file, see [Download the JSON file](aws-ip-ranges.md#aws-ip-download). The syntax of the JSON file is as follows.

```
{
  "syncToken": "0123456789",
  "createDate": "yyyy-mm-dd-hh-mm-ss",
  "prefixes": [
    {
      "ip_prefix": "cidr",
      "region": "region",
      "network_border_group": "network_border_group",
      "service": "subset"
    }
  ],
  "ipv6_prefixes": [
    {
      "ipv6_prefix": "cidr",
      "region": "region",
      "network_border_group": "network_border_group",
      "service": "subset"
    }
  ]  
}
```

**syncToken**  
The publication time, in Unix epoch time format.  
Type: String  
Example: `"syncToken": "1416435608"`

**createDate**  
The publication date and time, in UTC YY-MM-DD-hh-mm-ss format.  
Type: String  
Example: `"createDate": "2014-11-19-23-29-02"`

**prefixes**  
The IP prefixes for the IPv4 address ranges.  
Type: Array

**ipv6\$1prefixes**  
The IP prefixes for the IPv6 address ranges.  
Type: Array

**ip\$1prefix**  
The public IPv4 address range, in CIDR notation. Note that AWS may advertise a prefix in more specific ranges. For example, prefix 96.127.0.0/17 in the file may be advertised as 96.127.0.0/21, 96.127.8.0/21, 96.127.32.0/19, and 96.127.64.0/18.  
Type: String  
Example: `"ip_prefix": "198.51.100.2/24"`

**ipv6\$1prefix**  
The public IPv6 address range, in CIDR notation. Note that AWS may advertise a prefix in more specific ranges.  
Type: String  
Example: `"ipv6_prefix": "2001:db8:1234::/64"`

**network\$1border\$1group**  
The name of the network border group, which is a unique set of Availability Zones or Local Zones from which AWS advertises IP addresses, or `GLOBAL`. Traffic for `GLOBAL` services can be attracted to or originate from multiple (up to all) Availability Zones or Local Zones from which AWS advertises IP addresses.  
Type: String  
Example: `"network_border_group": "us-west-2-lax-1"`

**region**  
The AWS Region or `GLOBAL`. Traffic for `GLOBAL` services can be attracted to or originate from multiple (up to all) AWS Regions.  
Type: String  
Valid values: `af-south-1` \$1 `ap-east-1` \$1 `ap-east-2` \$1 `ap-northeast-1` \$1 `ap-northeast-2` \$1 `ap-northeast-3` \$1 `ap-south-1` \$1 `ap-south-2` \$1 `ap-southeast-1` \$1 `ap-southeast-2` \$1 `ap-southeast-3` \$1 `ap-southeast-4` \$1 `ap-southeast-5` \$1 `ap-southeast-6` \$1 `ap-southeast-7` \$1 `ca-central-1` \$1 `ca-west-1` \$1 `cn-north-1` \$1 `cn-northwest-1` \$1 `eu-central-1` \$1 `eu-central-2` \$1 `eu-north-1` \$1 `eu-south-1` \$1 `eu-south-2` \$1 `eu-west-1` \$1 `eu-west-2` \$1 `eu-west-3` \$1 `il-central-1` \$1 `mx-central-1` \$1 `me-central-1` \$1 `me-south-1` \$1 `sa-east-1` \$1 `us-east-1` \$1 `us-east-2` \$1 `us-gov-east-1` \$1 `us-gov-west-1` \$1 `us-west-1` \$1 `us-west-2` \$1 `GLOBAL`  
Example: `"region": "us-east-1"`

**service**  
The subset of IP address ranges. The addresses listed for `API_GATEWAY` are egress only. Specify `AMAZON` to get all IP address ranges (meaning that every subset is also in the `AMAZON` subset). However, some IP address ranges are only in the `AMAZON` subset (meaning that they are not also available in another subset).  
Type: String  
Valid values: `AMAZON` \$1 `AMAZON_APPFLOW` \$1 `AMAZON_CONNECT` \$1 `API_GATEWAY` \$1 `AURORA_DSQL` \$1 `CHIME_MEETINGS` \$1 `CHIME_VOICECONNECTOR` \$1 `CLOUD9` \$1 `CLOUDFRONT` \$1 `CLOUDFRONT_ORIGIN_FACING` \$1 `CODEBUILD` \$1 `DYNAMODB` \$1 `EBS` \$1 `EC2` \$1 `EC2_INSTANCE_CONNECT` \$1 `GLOBALACCELERATOR` \$1 `IVS_LOW_LATENCY` \$1 `IVS_REALTIME` \$1 `KINESIS_VIDEO_STREAMS` \$1 `MEDIA_PACKAGE_V2` \$1 `ROUTE53` \$1 `ROUTE53_HEALTHCHECKS` \$1 `ROUTE53_HEALTHCHECKS_PUBLISHING` \$1 `ROUTE53_RESOLVER` \$1 `S3` \$1 `WORKSPACES_GATEWAYS`  
Example: `"service": "AMAZON"`

## Range overlaps
<a name="aws-ip-range-overlaps"></a>

The IP address ranges returned by any service code are also returned by the `AMAZON` service code. For example, all IP address ranges that are returned by the `S3` service code are also returned by the `AMAZON` service code.

When service A uses resources from service B, there are IP address ranges that are returned by the service codes for both service A and service B. However, these IP address ranges are used exclusively by service A, and can't be used by service B. For example, Amazon S3 uses resources from Amazon EC2, so there are IP address ranges that are returned by both the `S3` and `EC2` service codes. However these IP address ranges are used exclusively by Amazon S3. Therefore, the `S3` service code returns all IP address ranges that are used exclusively by Amazon S3. To identify the IP address ranges that are used exclusively by Amazon EC2, find the IP address ranges that are returned by the `EC2` service code but not the `S3` service code.

## Learn more
<a name="aws-ip-learn-more"></a>

This section provides links to additional information for different service codes.
+ `AMAZON_APPFLOW` – [IP address ranges](https://docs.aws.amazon.com/appflow/latest/userguide/general.html)
+ `AMAZON_CONNECT` – [Set up your network](https://docs.aws.amazon.com/connect/latest/adminguide/ccp-networking.html)
+ `CHIME_MEETINGS` – [Configuring for media and signaling](https://docs.aws.amazon.com/chime-sdk/latest/dg/network-config.html#media-signaling)
+ `CLOUDFRONT` – [Locations and IP address ranges of CloudFront edge servers](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/LocationsOfEdgeServers.html)
+ `DYNAMODB` – [IP address ranges](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/AccessingDynamoDB.html#Using.IPRanges)
+ `EC2` – [Public IPV4 addresses](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html#concepts-public-addresses)
+ `EC2_INSTANCE_CONNECT` – [EC2 Instance Connect prerequisites](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-prerequisites.html#ec2-instance-connect-setup-security-group)
+ `GLOBALACCELERATOR` – [Location and IP address ranges of Global Accelerator edge servers](https://docs.aws.amazon.com/global-accelerator/latest/dg/introduction-ip-ranges.html)
+ `ROUTE53` – [IP address ranges of Amazon Route 53 servers](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/route-53-ip-addresses.html)
+ `ROUTE53_HEALTHCHECKS` – [IP address ranges of Amazon Route 53 servers](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/route-53-ip-addresses.html)
+ `ROUTE53_HEALTHCHECKS_PUBLISHING` – [IP address ranges of Amazon Route 53 servers](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/route-53-ip-addresses.html)
+ `WORKSPACES_GATEWAYS` – [PCoIP gateway servers](https://docs.aws.amazon.com/workspaces/latest/adminguide/workspaces-port-requirements.html#gateway_IP)

## Release notes
<a name="aws-ip-release-notes"></a>

The following table describes updates to the syntax of `ip-ranges.json`. We also add new Region codes with each Region launch.


| Description | Release date | 
| --- | --- | 
| Added the IVS\$1LOW\$1LATENCY service code. | July 29, 2025 | 
| Added the AURORA\$1DSQL service code. | May 21, 2025 | 
| Added the IVS\$1REALTIME service code. | June 11, 2024 | 
| Added the MEDIA\$1PACKAGE\$1V2 service code. | May 9, 2023 | 
| Added the CLOUDFRONT\$1ORIGIN\$1FACING service code. | October 12, 2021 | 
| Added the ROUTE53\$1RESOLVER service code. | June 24, 2021 | 
| Added the EBS service code. | May 12, 2021 | 
| Added the KINESIS\$1VIDEO\$1STREAMS service code. | November 19, 2020 | 
| Added the CHIME\$1MEETINGS and CHIME\$1VOICECONNECTOR service codes. | June 19, 2020 | 
| Added the AMAZON\$1APPFLOW service code. | June 9, 2020 | 
| Add support for the network border group. | April 7, 2020 | 
| Added the WORKSPACES\$1GATEWAYS service code. | March 30, 2020 | 
| Added the ROUTE53\$1HEALTHCHECK\$1PUBLISHING service code. | January 30, 2020 | 
| Added the API\$1GATEWAY service code. | September 26, 2019 | 
| Added the EC2\$1INSTANCE\$1CONNECT service code. | June 26, 2019 | 
| Added the DYNAMODB service code. | April 25, 2019 | 
| Added the GLOBALACCELERATOR service code. | December 20, 2018 | 
| Added the AMAZON\$1CONNECT service code. | June 20, 2018 | 
| Added the CLOUD9 service code. | June 20, 2018 | 
| Added the CODEBUILD service code. | April 19, 2018 | 
| Added the S3 service code. | February 28, 2017 | 
| Added support for IPv6 address ranges. | August 22, 2016 | 
| Initial release | November 19, 2014 | 

# AWS IP address ranges notifications
<a name="subscribe-notifications"></a>

AWS publishes its current IP address ranges in JSON format. Whenever there is a change to the AWS IP address ranges, we send notifications to subscribers of the Amazon SNS topic named `AmazonIpSpaceChanged`. For more information about the syntax of the JSON file, see [Syntax for AWS IP address range JSON](aws-ip-syntax.md).

The payload of the notification contains information in the following format.

```
{
  "create-time":"yyyy-mm-ddThh:mm:ss+00:00",
  "synctoken":"0123456789",
  "md5":"6a45316e8bc9463c9e926d5d37836d33",
  "url":"https://ip-ranges.amazonaws.com/ip-ranges.json"
}
```

**create-time**  
The creation date and time.  
Notifications could be delivered out of order. Therefore, we recommend that you check the timestamps to ensure the correct order.

**synctoken**  
The publication time, in Unix epoch time format.

**md5**  
The cryptographic hash value of the `ip-ranges.json` file. You can use this value to check whether the downloaded file is corrupted.

**url**  
The location of the `ip-ranges.json` file. For more information, see [Download the JSON file](aws-ip-ranges.md#aws-ip-download).

You can subscribe to receive notifications as follows.

**To subscribe to AWS IP address range notifications**

1. Open the Amazon SNS console at [https://console.aws.amazon.com/sns/v3/home](https://console.aws.amazon.com/sns/v3/home).

1. In the navigation bar, change the Region to **US East (N. Virginia)**, if necessary. You must select this Region because the SNS notifications that you are subscribing to were created in this Region.

1. In the navigation pane, choose **Subscriptions**.

1. Choose **Create subscription**.

1. In the **Create subscription** dialog box, do the following:

   1. For **Topic ARN**, copy the following Amazon Resource Name (ARN):

      ```
      arn:aws:sns:us-east-1:806199016981:AmazonIpSpaceChanged
      ```

   1. For **Protocol**, choose the protocol to use (for example, `Email`).

   1. For **Endpoint**, type the endpoint to receive the notification (for example, your email address).

   1. Choose **Create subscription**.

1. You'll be contacted on the endpoint that you specified and asked to confirm your subscription. For example, if you specified an email address, you'll receive an email message with the subject line `AWS Notification - Subscription Confirmation`. Follow the directions to confirm your subscription.

Notifications are subject to the availability of the endpoint. Therefore, you might want to check the JSON file periodically to ensure that you've got the latest ranges. For more information about Amazon SNS reliability, see [https://aws.amazon.com/sns/faqs/#Reliability](https://aws.amazon.com/sns/faqs/#Reliability).

If you no longer want to receive these notifications, use the following procedure to unsubscribe.

**To unsubscribe from AWS IP address ranges notifications**

1. Open the Amazon SNS console at [https://console.aws.amazon.com/sns/v3/home](https://console.aws.amazon.com/sns/v3/home).

1. In the navigation pane, choose **Subscriptions**.

1. Select the check box for the subscription.

1. Choose **Actions**, **Delete subscriptions**.

1. When prompted for confirmation, choose **Delete**.

For more information about Amazon SNS, see the *[Amazon Simple Notification Service Developer Guide](https://docs.aws.amazon.com/sns/latest/dg/)*.