@st1vms
Last active February 28, 2026 13:40
PowerShell script to create Windows Firewall rules for blocking Amazon networks.
!Amazonaws WF rules
#Requires -RunAsAdministrator
# Define the URL for the official AWS IP ranges
$AWS_IP_URL = "https://ip-ranges.amazonaws.com/ip-ranges.json"
$RuleName = "Block-Amazon-Networks"

Write-Host "Fetching latest AWS IP ranges..." -ForegroundColor Cyan
try {
    $Response = Invoke-RestMethod -Uri $AWS_IP_URL -ErrorAction Stop

    # "prefixes" holds the IPv4 ranges; keep the entries tagged service AMAZON, de-duplicated.
    $Subnets = $Response.prefixes | Where-Object { $_.service -eq "AMAZON" } | Select-Object -ExpandProperty ip_prefix -Unique
    Write-Host "Found $($Subnets.Count) subnets to block." -ForegroundColor Yellow

    # One rule per direction. Each is updated if it already exists and created otherwise,
    # so a re-run refreshes the outbound rule as well as the inbound one.
    $Rules = @(
        @{ Name = $RuleName;       Direction = "Inbound" },
        @{ Name = "$RuleName-Out"; Direction = "Outbound" }
    )
    foreach ($Rule in $Rules) {
        # Check if the rule already exists
        $ExistingRule = Get-NetFirewallRule -DisplayName $Rule.Name -ErrorAction SilentlyContinue
        if ($ExistingRule) {
            Write-Host "Updating existing firewall rule $($Rule.Name)..." -ForegroundColor Cyan
            Set-NetFirewallRule -DisplayName $Rule.Name -RemoteAddress $Subnets -ErrorAction Stop
        } else {
            Write-Host "Creating new firewall rule $($Rule.Name)..." -ForegroundColor Cyan
            # -ErrorAction Stop makes a failed rule creation reach the catch block
            # instead of falling through to "Success".
            New-NetFirewallRule -DisplayName $Rule.Name `
                -Direction $Rule.Direction `
                -Action Block `
                -RemoteAddress $Subnets `
                -Description "Blocks all IP from Amazon/AWS ranges" `
                -ErrorAction Stop
        }
    }
    Write-Host "Success" -ForegroundColor Green
}
catch {
    Write-Error "Failed to download or apply IP ranges: $($_.Exception.Message)"
}