Genesys Cloud CX

 View Only
Discussion Thread View
  • 1.  Why do we need to allow so many Amazon/AWS IP addresses?

    Posted 01-30-2023 08:30
    Source: Why do we need to allow so many Amazon/AWS IP addresses? - Genesys Cloud Resource Center (

    Is there a way to secure the large IP range needed, we're opening up our firewall to all AWS regions.
    If a malicious service is spun up on that AWS region there is no way to monitor or restrict access

    We have had a look at CIDR and Force Turn Servers but WebRTC's still need to perform signaling on port 443, does signaling get limited to the CIDR ranges or does it need the full AWS region addresses

    Are there not generic CNAME's we can use for services?

    Another firewall concern is access to * needed for call recordings

    Any help on how we can limit and secure this traffic would be very helpful

    Louis Creely
    AJ Bell Youinvest

  • 2.  RE: Why do we need to allow so many Amazon/AWS IP addresses?

    Top 25 Contributor
    Posted 02-20-2023 12:21

    That is kind of a misnomer.  You don't need to open the world to your internal services.  Most of everything in Genesys Cloud uses port 443 to communicate to the cloud and that is normally open to every site anyway.  As for the media ports, that is a defined group of IP's called the CIDR block and that needs to be allowed for the WebRTC and other communication between users and the cloud.  These are found here:  CIDR IP address range expansion for cloud media services - Genesys Cloud Resource Center (  Most of the other services like data actions and SIP addressed are defined in the resource center. 

    Robert Wakefield-Carl
    TTEC Digital, LLC fka Avtex Solutions, LLC
    Contact Center Innovation Architect

Need Help finding something?

Check out the Genesys Knowledge Network - your all-in-one access point for Genesys resources