Home > Endpoint Management > Other Topics > Determining IP address ranges needed for *.amazon.com (s3.amazon.com)

Determining IP address ranges needed for *.amazon.com (s3.amazon.com)

Table of contents
No headers

System Manager networks require communication with *.amazon.com through the upstream firewall. Features such as mobile configurations, deployment profiles, and temporary copies of software installation files are stored securely on Amazon servers for each Systems manager network. Without this access, these settings and files will not be pushed to the device. In case an upstream filter or security policy does not allow firewall rules by domain name, the IP address of the Amazon Cloud instance can be found using the following instructions from on-site. Since these IP addresses will differ with geographical location, this cannot be from a remote machine. 

Note: Each mobile device needs to be able to individually access Amazon. If the device connects through a network that does not allow access to Amazon, updates requiring that storage will be postponed until connectivity is established.

1. Find the IP address of s3.amazonaws.com

2. Run a whois on that IP address

3. The IP range Amazon uses will display

1. Find the IP address of s3.amazonaws.com

Using a tool such as dig or nslookup in Command Prompt, find the IP address of s3.amazonaws.com. Both Windows 7 and Mac OS X have nslookup by default, as shown below. 


2. Run a whois

Using the whois command, or an external page such as ARIN, look up the IP address from step 1 to determine the IP address range that is used. The NetRange field indicated the range of addresses, and the CIDR field provides a CIDR notation for this range, which may be needed in some firewalls.


3. Add the IP range to an upstream firewall

This displayed range contains the public-facing IP addresses Amazon uses for the S3 cloud in your area. Again, these vary based on geography, so ensure this test is run on-site. With this IP range determined, simply add a rule in any upstream firewall device. If that device is an MX Security Appliance, then information on creating rules of this type can be found here. For third-party devices, please refer to the product documentation.

Utilizing Amazon's cloud technology allows us to adapt faster and better to storage needs, making for a better experience using the System Manager product. With a firewall rule created, and traffic uninhibited, software installations, configuration storage, and deployment profiles can be used with ease.

Last modified



This page has no classifications.

Explore the Product

Click to Learn More

Article ID

ID: 1278

Explore Meraki

You can find out more about Cisco Meraki on our main site, including information on products, contacting sales and finding a vendor.

Explore Meraki

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can keep track of the latest announcements, find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community