Securing IoT Rule HTTPS Endpoints with IP-Based Security

Does anyone have an idea how to secure (IP-based, not header/auth) IoT Rule HTTPS endpoints? It seems they use an undefined pool of IPv4 addresses, and the IPs keep changing.

Does this help? https://docs.aws.amazon.com/vpc/latest/userguide/aws-ip-ranges.html

That file has lists of subnets used and the service they’re used by.

Or perhaps I’m misunderstanding your question.

It’s too broad - I can only get regional CIDRs there, and that’s like opening up the whole region. But yeah, that was the first thing I checked, in the hope of finding a service-specific allocation.

If only AWS would have aws managed IP prefix lists for all/most services …

That indeed would be very nice.

Currently only for R53 health checks and CloudFront origin-facing, last time I checked.

I’m using both elsewhere, but that’s untapped potential for AWS to make life easier in many scenarios.

IP address rules are not really secure, so you can imagine why it doesn’t really make sense to implement that. Also, IoT is often running somewhere you don’t control, so a rules list makes even less sense there.
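To make the "regional CIDRs only" point above concrete, here is an added example (not posted by any participant in the thread) that parses a document in the layout of the ip-ranges.json file linked earlier and reports what an allow-list for a given region/service pair would actually open. The JSON below is a constructed sample using RFC 5737 documentation ranges, not real AWS allocations; on the real file you would fetch https://ip-ranges.amazonaws.com/ip-ranges.json and pass its text to `load_prefixes`.

```python
import ipaddress
import json

# Constructed sample in the layout of https://ip-ranges.amazonaws.com/ip-ranges.json.
# The CIDRs are documentation ranges (RFC 5737), not real AWS allocations.
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "0",
    "createDate": "2024-01-01-00-00-00",
    "prefixes": [
        {"ip_prefix": "192.0.2.0/24", "region": "eu-west-1",
         "service": "AMAZON", "network_border_group": "eu-west-1"},
        {"ip_prefix": "198.51.100.0/26", "region": "eu-west-1",
         "service": "ROUTE53_HEALTHCHECKS", "network_border_group": "eu-west-1"},
        {"ip_prefix": "203.0.113.0/24", "region": "GLOBAL",
         "service": "CLOUDFRONT_ORIGIN_FACING", "network_border_group": "GLOBAL"},
    ],
})


def load_prefixes(raw):
    """Parse ip-ranges.json text into (network, region, service) tuples."""
    doc = json.loads(raw)
    return [(ipaddress.ip_network(p["ip_prefix"]), p["region"], p["service"])
            for p in doc["prefixes"]]


def services_in_region(prefixes, region):
    """Which services publish dedicated IPv4 ranges for a region."""
    return {svc for _, reg, svc in prefixes if reg == region}


def cidrs_for(prefixes, region, service):
    """The CIDRs you would have to allow-list for one region/service pair."""
    return [str(net) for net, reg, svc in prefixes if reg == region and svc == service]


def address_count(prefixes, region, service):
    """How many IPv4 addresses an allow-list for region/service opens up."""
    return sum(net.num_addresses for net, reg, svc in prefixes
               if reg == region and svc == service)


def entries_covering(prefixes, ip):
    """Every (service, region) entry whose prefix contains the given address."""
    addr = ipaddress.ip_address(ip)
    return [(svc, reg) for net, reg, svc in prefixes if addr in net]


if __name__ == "__main__":
    prefixes = load_prefixes(SAMPLE_IP_RANGES)
    print(services_in_region(prefixes, "eu-west-1"))   # no IoT-specific service listed
    print(cidrs_for(prefixes, "eu-west-1", "AMAZON"))  # the region-wide block
    print(address_count(prefixes, "eu-west-1", "AMAZON"))
    print(entries_covering(prefixes, "192.0.2.10"))
```

Running it on the real file shows the same shape: a caller coming from the IoT rule engine matches only the broad regional `AMAZON` entry, which is exactly the "whole region" allow-list the thread warns about.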