Cloud IP Range Drift Monitor avatar

Cloud IP Range Drift Monitor

Pricing

from $2.00 / 1,000 monitor rows

Go to Apify Store
Cloud IP Range Drift Monitor

Cloud IP Range Drift Monitor

Monitor official AWS, Google, Cloudflare, GitHub, and Fastly IP range feeds for firewall allowlist and network perimeter drift.

Pricing

from $2.00 / 1,000 monitor rows

Rating

0.0

(0)

Developer

Defenestrator

Defenestrator

Maintained by Community

Actor stats

0

Bookmarked

2

Total users

1

Monthly active users

3 days ago

Last modified

Share

Monitor official public IP range feeds for cloud and SaaS providers, then produce decision-ready rows for firewall allowlist, egress policy, SIEM, WAF, and vendor-risk review workflows.

This Actor is not affiliated with AWS, Google, Cloudflare, GitHub, Fastly, or Apify. It fetches fixed official public endpoints and does not probe private networks or user-supplied URLs.

What it does

  • Fetches fixed official IP range feeds for:
    • AWS ip-ranges.json
    • Google Cloud cloud.json
    • Google goog.json
    • Cloudflare public IP API
    • GitHub Meta API
    • Fastly public IP list
  • Normalizes IPv4/IPv6 CIDR blocks into deterministic provider/service/region rows.
  • Compares the current feed to a previous OUTPUT.snapshot when supplied.
  • Emits provider summary rows plus added/removed CIDR rows.
  • Optionally highlights focus services/categories and regions.
  • Stores the next-run snapshot in OUTPUT.snapshot so scheduled/API workflows can pass it back on the next run.

Why run it repeatedly?

Cloud and SaaS IP ranges change without matching your firewall, WAF, CDN, partner VPN, SIEM, and outbound allowlist review calendar. A scheduled run catches changes before teams discover them through broken integrations or emergency firewall tickets.

Typical repeat-use loop:

  1. Run once to create a baseline snapshot.
  2. Copy OUTPUT.snapshot into the next run's previousSnapshot or previousSnapshotJson.
  3. Schedule recurring runs or call by API from a change-management workflow.
  4. Review only summary and delta rows unless you explicitly ask for full current prefix rows.

Input highlights

  • providers: choose any of aws, google-cloud, google, cloudflare, github, fastly.
  • previousSnapshot: previous OUTPUT.snapshot object for drift comparison.
  • previousSnapshotJson: same snapshot as text, useful for API callers.
  • focusServices: highlight categories such as actions, hooks, CLOUDFRONT, AMAZON, cloudflare-edge, or fastly-edge.
  • focusRegions: highlight scopes such as us-east-1, GLOBAL, or global.
  • includeCurrentPrefixes: push current prefix rows too. Leave false for cheap scheduled monitoring.

Output rows

Dataset rows use these row types:

  • SUMMARY: one row per provider, always emitted.
  • ADDED: prefix appears in current snapshot but not the previous snapshot.
  • REMOVED: prefix existed in the previous snapshot but not the current snapshot.
  • FOCUS_CURRENT: current prefix matching a focus service or region.
  • CURRENT: current prefix row when includeCurrentPrefixes=true.
  • ERROR: provider fetch/parse failure row when a source fails.

OUTPUT includes run-level counts and snapshot, which is the baseline object to preserve for the next run.

Pricing

This Actor uses Apify Pay Per Event (PPE) pricing:

  • apify-actor-start: $0.00005 per run start.
  • apify-default-dataset-item: $0.002 per dataset row (Monitor row).
  • Platform usage is included in the event price; users do not pay a separate platform-usage pass-through.
  • A dataset row is one monitored result, source, or drift-check row emitted by the Actor. Run cost scales with the number of rows produced and the limits you choose.

Use Apify's max total charge setting before starting a run if you want a hard spend cap.

Limitations

  • The Actor does not update your firewall or cloud account. It produces normalized rows and a snapshot for review/automation.
  • The Actor compares against a snapshot you provide; it does not automatically read previous private runs unless your workflow passes the prior snapshot back in.
  • Provider feeds can include overlapping prefixes under multiple services/categories. Rows are keyed by provider + service/category + region/scope + prefix.
  • This is not a security guarantee, availability guarantee, or legal/compliance opinion. Verify critical allowlist changes against the official provider source before production changes.
  • Azure Service Tags are not included in this build because the stable public JSON URL discovery path needs separate QA before inclusion.

Responsible use

Use this for your own network operations, vendor-risk monitoring, and change-management workflows. Do not use it to infer affiliation, availability, or security posture beyond the official public feed data.