Services hosted with AWS

The EcoShot services are hosted in AWS and normally in the eu-west-1 region. For complete access to EcoShot services customers should allow access to API Gateway, Cloudfront, and S3. These are all accessed via HTTPS (TCP port 443).

AWS provides details of the network prefixes for their services in JSON format: https://ip-ranges.amazonaws.com/ip-ranges.json

You can find the current prefixes for the services EcoShot uses as follows:

curl --silent https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[] | select(.region=="eu-west-1") | select(.service=="API_GATEWAY") | .ip_prefix'

108.128.160.0/23
108.128.162.0/24
3.248.245.0/24
3.248.246.0/23
3.251.56.0/24
3.251.62.128/25

curl --silent https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[] | select(.region=="eu-west-1") | select(.service=="CLOUDFRONT") | .ip_prefix'

18.200.212.0/23
52.212.248.0/26

curl --silent https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[] | select(.region=="eu-west-1") | select(.service=="S3") | .ip_prefix'

3.5.72.0/23
52.218.0.0/17
52.92.40.0/21
3.5.64.0/21
54.231.128.0/19

Hostnames accessed by EcoShot Image Hub v2

If your organization is filtering by host name (rather than IP address), you need to add the following host names to an allow list:

  • ecoshot-imagehub.metail.net (static assets, including HTML and Javascript)

  • cognito-idp.eu-west-1.amazonaws.com (authentication and password management)

  • 0u31p6johd.execute-api.eu-west-1.amazonaws.com (EcoShot API)

  • dynamodb.eu-west-1.amazonaws.com (EcoShot database)

  • ecoshot2-live-customer-images.s3.eu-west-1.amazonaws.com (thumbnails and renders)

  • ecoshot2-live-customer-uploads.s3.eu-west-1.amazonaws.com (attachments)

  • ecoshot2-live-customer-uploads-ap-east-1.s3.ap-east-1.amazonaws.com (attachments)

  • ecoshot-assets.s3.eu-west-1.amazonaws.com (plugin download)

  • s3.eu-west-1.amazonaws.com (S3 metadata service)

  • fonts.googleapis.com (fonts loaded by the CSS)

  • www.google-analytics.com (Analytics events)

Hostnames accessed by EcoShot Plugin for VStitcher v2

The following hostnames must be added to an allow list for full functionality of the EcoShot Plugin:

  • cognito-idp.eu-west-1.amazonaws.com (authentication)

  • ecoshot2-live-customer-uploads.s3.eu-west-1.amazonaws.com (image request uploads)

  • ecoshot2-live-customer-uploads-ap-east-1.s3.ap-east-1.amazonaws.com (image request uploads)

  • ecoshot-assets.s3.eu-west-1.amazonaws.com (avatars and images)

  • 0u31p6johd.execute-api.eu-west-1.amazonaws.com (EcoShot API)

  • dynamodb.eu-west-1.amazonaws.com (EcoShot database)

  • www.google-analytics.com (Analytics events)


Prior EcoShot v1 hostnames (legacy)

Hostnames accessed by EcoShot Image Hub v1

If your organization is filtering by host name (rather than IP address), you need to add the following host names to an allow list:

  • ecoshot-hub.metail.net (static assets, including HTML and Javascript)

  • cognito-idp.eu-west-1.amazonaws.com (authentication and password management)

  • kd6whfxi37.execute-api.eu-west-1.amazonaws.com (Image Hub API)

  • ecoshot-renders-live.s3.eu-west-1.amazonaws.com (thumbnails and renders)

  • ecoshot-assets.s3.eu-west-1.amazonaws.com (plugin download)

  • fonts.googleapis.com (fonts loaded by the CSS)

Hostnames accessed by EcoShot Plugin for VStitcher v1

The following hostnames must be added to an allow list for full functionality of the EcoShot Plugin:

  • ecoshot-renders-live.s3.eu-west-1.amazonaws.com (image request uploads)

  • ecoshot-assets.s3.eu-west-1.amazonaws.com (avatars and images)

  • sfeugjnmse.execute-api.eu-west-1.amazonaws.com (EcoShot Plugin API)

Did this answer your question?