Cloud Provider IP Blocking

FastAPI Guard can automatically detect and block requests from major cloud providers. The IP ranges for these providers are only loaded when cloud blocking is enabled, improving startup performance.

---

Supported Providers

Currently supported cloud providers:

• Amazon Web Services (AWS)
• Google Cloud Platform (GCP)
• Microsoft Azure

---

Basic Configuration

Enable cloud provider IP blocking:

config = SecurityConfig(
    block_cloud_providers={"AWS", "GCP", "Azure"}
)

---

Selective Blocking

Block specific providers:

config = SecurityConfig(
    block_cloud_providers={"AWS"}  # Only block AWS IPs
)

---

IP Range Updates

Cloud IP ranges are refreshed automatically at a configurable interval (default: 1 hour). You can adjust the refresh interval:

config = SecurityConfig(
    block_cloud_providers={"AWS", "GCP", "Azure"},
    cloud_ip_refresh_interval=1800,  # Refresh every 30 minutes
)

Valid range: 60 to 86400 seconds (1 minute to 24 hours).

When IP ranges are refreshed, changes are logged automatically:

Cloud IP range update for AWS: +12 added, -3 removed

You can also manually trigger a refresh:

from guard import cloud_handler

cloud_handler.refresh()

---

Provider Status

Track when each provider's IP ranges were last refreshed:

from guard import cloud_handler

for provider in ("AWS", "GCP", "Azure"):
    updated = cloud_handler.last_updated[provider]
    if updated:
        print(f"{provider}: last updated {updated.isoformat()}")
    else:
        print(f"{provider}: not yet loaded")

---

Custom IP Checking

Check if an IP belongs to a cloud provider:

from guard import cloud_handler

@app.get("/check-cloud/{ip}")
async def check_cloud_ip(ip: str):
    is_cloud = cloud_handler.is_cloud_ip(
        ip,
        providers={"AWS", "GCP", "Azure"}
    )
    return {"ip": ip, "is_cloud": is_cloud}