You should ask for the specific public IPs or domain names of the resources you need to test. These may include:
1. Instances with Public IPs
• EC2 instances that have public IPs (either auto-assigned or Elastic IPs)
• Request the exact public IPs that you'll need to test
2. Elastic IPs (EIPs)
• Ask the client to provide all EIPs associated with their public-facing resources
• Elastic IPs are static public IPs that remain constant, simplifying the testing process
3. NAT Gateways
• Request the NAT Gateway's public IP if private subnets use it for outbound internet access
• This helps identify any misconfigurations in outbound traffic filtering
4. Load Balancers
• Public-facing Elastic Load Balancers (ELBs) use their own public IPs or DNS names
• Obtain the ELB's public-facing DNS names and confirm they're within the testing scope
5. Public IPs from DNS Records
• For DNS-accessible resources like web servers, request both DNS names and their corresponding public IPs
6. Other Public-Facing Services
• Consider API Gateways, CloudFront distributions (with custom public IPs), and any other services using public IPs