Cloud IP Range Drift Monitor
Pricing
from $2.00 / 1,000 monitor rows
Cloud IP Range Drift Monitor
Monitor official AWS, Google, Cloudflare, GitHub, and Fastly IP range feeds for firewall allowlist and network perimeter drift.
Pricing
from $2.00 / 1,000 monitor rows
Rating
0.0
(0)
Developer
Defenestrator
Maintained by CommunityActor stats
0
Bookmarked
2
Total users
1
Monthly active users
3 days ago
Last modified
Categories
Share
Monitor official public IP range feeds for cloud and SaaS providers, then produce decision-ready rows for firewall allowlist, egress policy, SIEM, WAF, and vendor-risk review workflows.
This Actor is not affiliated with AWS, Google, Cloudflare, GitHub, Fastly, or Apify. It fetches fixed official public endpoints and does not probe private networks or user-supplied URLs.
What it does
- Fetches fixed official IP range feeds for:
- AWS
ip-ranges.json - Google Cloud
cloud.json - Google
goog.json - Cloudflare public IP API
- GitHub Meta API
- Fastly public IP list
- AWS
- Normalizes IPv4/IPv6 CIDR blocks into deterministic provider/service/region rows.
- Compares the current feed to a previous
OUTPUT.snapshotwhen supplied. - Emits provider summary rows plus added/removed CIDR rows.
- Optionally highlights focus services/categories and regions.
- Stores the next-run snapshot in
OUTPUT.snapshotso scheduled/API workflows can pass it back on the next run.
Why run it repeatedly?
Cloud and SaaS IP ranges change without matching your firewall, WAF, CDN, partner VPN, SIEM, and outbound allowlist review calendar. A scheduled run catches changes before teams discover them through broken integrations or emergency firewall tickets.
Typical repeat-use loop:
- Run once to create a baseline snapshot.
- Copy
OUTPUT.snapshotinto the next run'spreviousSnapshotorpreviousSnapshotJson. - Schedule recurring runs or call by API from a change-management workflow.
- Review only summary and delta rows unless you explicitly ask for full current prefix rows.
Input highlights
providers: choose any ofaws,google-cloud,google,cloudflare,github,fastly.previousSnapshot: previousOUTPUT.snapshotobject for drift comparison.previousSnapshotJson: same snapshot as text, useful for API callers.focusServices: highlight categories such asactions,hooks,CLOUDFRONT,AMAZON,cloudflare-edge, orfastly-edge.focusRegions: highlight scopes such asus-east-1,GLOBAL, orglobal.includeCurrentPrefixes: push current prefix rows too. Leave false for cheap scheduled monitoring.
Output rows
Dataset rows use these row types:
SUMMARY: one row per provider, always emitted.ADDED: prefix appears in current snapshot but not the previous snapshot.REMOVED: prefix existed in the previous snapshot but not the current snapshot.FOCUS_CURRENT: current prefix matching a focus service or region.CURRENT: current prefix row whenincludeCurrentPrefixes=true.ERROR: provider fetch/parse failure row when a source fails.
OUTPUT includes run-level counts and snapshot, which is the baseline object to preserve for the next run.
Pricing
This Actor uses Apify Pay Per Event (PPE) pricing:
apify-actor-start:$0.00005per run start.apify-default-dataset-item:$0.002per dataset row (Monitor row).- Platform usage is included in the event price; users do not pay a separate platform-usage pass-through.
- A dataset row is one monitored result, source, or drift-check row emitted by the Actor. Run cost scales with the number of rows produced and the limits you choose.
Use Apify's max total charge setting before starting a run if you want a hard spend cap.
Limitations
- The Actor does not update your firewall or cloud account. It produces normalized rows and a snapshot for review/automation.
- The Actor compares against a snapshot you provide; it does not automatically read previous private runs unless your workflow passes the prior snapshot back in.
- Provider feeds can include overlapping prefixes under multiple services/categories. Rows are keyed by provider + service/category + region/scope + prefix.
- This is not a security guarantee, availability guarantee, or legal/compliance opinion. Verify critical allowlist changes against the official provider source before production changes.
- Azure Service Tags are not included in this build because the stable public JSON URL discovery path needs separate QA before inclusion.
Responsible use
Use this for your own network operations, vendor-risk monitoring, and change-management workflows. Do not use it to infer affiliation, availability, or security posture beyond the official public feed data.