block_ip
Block or unblock an IP address across AWS environments by automatically choosing the most effective layer—WebACL, security group, NACL, or host—for reliable traffic control.
Instructions
Block (or unblock) an IP/CIDR at the layer that actually works. Resolves the best layer for 'site' (WebACL/ALB ARN or instance): prefers the WebACL (sees the real client IP behind an ALB), falls back to a configured SG/NACL, and otherwise recommends the host layer rather than silently editing the firewall. Reversible. DANGEROUS — confirm with the user first.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| ip | Yes | IP address or CIDR to block/unblock. | |
| site | Yes | WebACL ARN, ALB ARN, or instance id/name. | |
| action | No | 'block' or 'unblock'. | block |
| region | No | AWS region override. | |
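
An added sketch (not the tool's own code) of the layer resolution described in the instructions, written as a dry-run planner that makes no AWS calls. The `alb_webacl_arn` and `fallback` parameters, the `MIN_PREFIX` guard and the fields of the returned plan are assumptions made for illustration.

```python
import ipaddress
import re

# ARN shapes for the 'site' kinds the input schema lists; anything else is
# treated as an instance id/name.
WEBACL_ARN = re.compile(r"^arn:aws[\w-]*:wafv2:[\w-]+:\d{12}:(?:regional|global)/webacl/[^/]+/[^/]+$")
ALB_ARN = re.compile(r"^arn:aws[\w-]*:elasticloadbalancing:[\w-]+:\d{12}:loadbalancer/app/[^/]+/[^/]+$")

# Assumed guard, not from the tool: refuse prefixes broader than these.
MIN_PREFIX = {4: 16, 6: 32}


def normalize_target(ip):
    """Return the canonical CIDR for 'ip', rejecting overly broad ranges."""
    net = ipaddress.ip_network(ip.strip(), strict=False)  # ValueError if malformed
    if net.prefixlen < MIN_PREFIX[net.version]:
        raise ValueError(f"{net} is broader than /{MIN_PREFIX[net.version]}")
    return str(net)


def classify_site(site):
    """Map 'site' to 'webacl', 'alb' or 'instance' from its shape alone."""
    if WEBACL_ARN.match(site):
        return "webacl"
    if ALB_ARN.match(site):
        return "alb"
    return "instance"


def plan_change(ip, site, action="block", alb_webacl_arn=None, fallback=None):
    """Build a change plan without touching AWS.

    alb_webacl_arn: WebACL associated with the ALB, if any (hypothetical input).
    fallback: configured ("sg" | "nacl", resource_id) pair, if any (hypothetical).
    """
    if action not in ("block", "unblock"):
        raise ValueError("action must be 'block' or 'unblock'")
    cidr = normalize_target(ip)
    kind = classify_site(site)
    if kind == "webacl":
        layer, target = "webacl", site
    elif kind == "alb" and alb_webacl_arn:
        layer, target = "webacl", alb_webacl_arn
    elif fallback:
        layer, target = fallback
    else:
        layer, target = "host", None  # recommendation only, nothing is edited
    return {"action": action, "cidr": cidr, "layer": layer, "target": target,
            "apply": layer != "host", "needs_confirmation": True}
```

The plan carries `needs_confirmation` on every path, and `apply` is false whenever only the host layer remains, so a caller cannot turn a recommendation into a firewall edit by accident.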