Bubble public IPs for API calls

I am running a server on AWS that listens for API calls from my Bubble app.

For security reasons I want to restrict the IP ranges that can talk to my AWS server. I just want the back end of my Bubble app to make the calls.

Is there a published list of Bubble IP ranges?

Not really. This feature is only available if you have a dedicated plan.

Bummer. I’ve implemented header security for APIs so hopefully not a huge deal, but it would have been nice to be able to lock it down further.

Do we know if Bubble uses, for instance, AWS, and I could just whitelist all AWS IP space? Obviously with this method an attacker could use an AWS intermediary, but it would still add some degree of extra protection.