If you’re using Route 53 health checks, you must ensure that your router and firewall rules allow inbound traffic from the IP addresses used by Route 53’s health checkers, so that Route 53 can access the endpoints that you specify in your health checks.
As we have explained earlier in our forum post [ https://forums.aws.amazon.com/ann.jspa?annID=1838 ], we are adding new IP ranges to the existing ranges.
The following is the list of existing IP ranges currently used by Route53 health checking service:
54.228.16.0/26
54.232.40.64/26
54.241.32.64/26
54.243.31.192/26
54.245.168.0/26
54.248.220.0/26
54.251.31.128/26
54.252.79.128/26
In addition to the list above, the following is the list of new IP ranges from which Route 53 will be conducting health checks:
54.183.255.128/26
54.244.52.192/26
54.250.253.192/26
54.252.254.192/26
54.255.254.192/26
107.23.255.0/26
176.34.159.192/26
177.71.207.128/26
Please ensure that the router / firewall rules for all of your endpoints that you are health checking with Route 53 are configured to allow incoming traffic from both existing and new IP ranges.