diff --git a/docs/gw-aws-audit.8 b/docs/gw-aws-audit.8 index b9e4023..232f5a4 100644 --- a/docs/gw-aws-audit.8 +++ b/docs/gw-aws-audit.8 @@ -74,6 +74,9 @@ cidr .IP \(bu 2 port \[la]#port\[ra] +.IP \(bu 2 +amazon +\[la]#amazon\[ra] .RE @@ -263,7 +266,10 @@ with your VPC. \fB\-\-approved, \-a\fP="": CIDR blocks that are approved (csv) .PP -\fB\-\-ignore\-ports, \-p\fP="": Ports that can be ignored (csv) (default: 80,443,3) +\fB\-\-ignore\-ports, \-p\fP="": Ports that can be ignored (csv) (default: 80,443,3,4,3\-4) + +.PP +\fB\-\-ignore\-protocols\fP="": Protocols to ignore. Can be tcp,udp,icmp (csv) .PP \fB\-\-warn, \-w\fP="": CIDR blocks that will cause a warning (csv) (default: 204.0.0.0/8) @@ -295,12 +301,29 @@ with your VPC. .PP \fB\-\-approved, \-a\fP="": CIDR blocks that are approved (csv) +.PP +\fB\-\-ignore\-protocols\fP="": Protocols to ignore. Can be tcp,udp,icmp (csv) + .PP \fB\-\-ports, \-p\fP="": Ports to generate report on (csv) (default: 22) .PP \fB\-\-warn, \-w\fP="": CIDR blocks that will cause a warning (csv) (default: 204.0.0.0/8) +.SS amazon +.PP +generate a report of allow SG with rules mapped to known AWS IPs + +.PP +.RS + +.nf +This method loads the current version of https://ip\-ranges.amazonaws.com/ip\-ranges.json +and compares the CIDR blocks against all Security Groups. + +.fi +.RE + .SH cw .PP CloudWatch related commands diff --git a/docs/gw-aws-audit.md b/docs/gw-aws-audit.md index 7d9b32f..59aba1c 100644 --- a/docs/gw-aws-audit.md +++ b/docs/gw-aws-audit.md @@ -23,6 +23,7 @@ gw-aws-audit - [attached](#attached) - [cidr](#cidr) - [port](#port) + - [amazon](#amazon) - [cw](#cw) - [enhanced-monitoring](#enhanced-monitoring) - [install-manpage](#install-manpage) 
@@ -153,7 +154,9 @@ with your VPC. **--approved, -a**="": CIDR blocks that are approved (csv) -**--ignore-ports, -p**="": Ports that can be ignored (csv) (default: 80,443,3) +**--ignore-ports, -p**="": Ports that can be ignored (csv) (default: 80,443,3,4,3-4) + +**--ignore-protocols**="": Protocols to ignore. Can be tcp,udp,icmp (csv) **--warn, -w**="": CIDR blocks that will cause a warning (csv) (default: 204.0.0.0/8) @@ -176,10 +179,21 @@ with your VPC. **--approved, -a**="": CIDR blocks that are approved (csv) +**--ignore-protocols**="": Protocols to ignore. Can be tcp,udp,icmp (csv) + **--ports, -p**="": Ports to generate report on (csv) (default: 22) **--warn, -w**="": CIDR blocks that will cause a warning (csv) (default: 204.0.0.0/8) +### amazon + +generate a report of allow SG with rules mapped to known AWS IPs + +``` +This method loads the current version of https://ip-ranges.amazonaws.com/ip-ranges.json +and compares the CIDR blocks against all Security Groups. +``` + ## cw CloudWatch related commands
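Review bot: the new `--ignore-ports` default `80,443,3,4,3-4` (cidr section, in both gw-aws-audit.8 and gw-aws-audit.md) is internally redundant, since `3-4` already covers `3` and `4`, and the flag description still says only "(csv)" without stating that ranges like `3-4` are accepted or how a range is matched against a rule's from/to ports. Either extend the description to "Ports or port ranges that can be ignored (csv), e.g. 80,443,1024-2048" or drop the redundant entries; and if `3,4,3-4` is a default that was regenerated from a test configuration rather than a deliberate choice, fix the default in the code rather than recording it here, because ports 3 and 4 are not services anyone would normally want suppressed from a public-exposure report.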
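Review bot: `--ignore-protocols` is documented as "Can be tcp,udp,icmp (csv)" in both the cidr and port sections, but security group rules can also carry the all-protocols value (`-1` in the API, "All traffic" in the console), and the text does not say whether ignoring `tcp` also suppresses a rule that allows all protocols. That case needs to be spelled out, since an all-traffic rule open to 0.0.0.0/0 is exactly what the cidr report exists to flag and must not disappear because the operator ignored tcp; also state whether matching is case-insensitive (`TCP` vs `tcp`). Minor: the flag has no short alias while its siblings (`-a`, `-p`, `-w`) do, which is fine if intentional but worth a consistent decision.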
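Review bot: the `amazon` subcommand summary (added before `.SH cw` / `## cw` in both files) reads "generate a report of allow SG with rules mapped to known AWS IPs", which should be "generate a report of security groups whose allow rules map to published AWS IP ranges", and "This method loads" should be "This command loads" in user-facing documentation. More importantly, the description leaves unstated two things a reader of the report needs: how a rule's CIDR is matched against the published prefixes (exact equality only, or containment, so that a /32 or /24 inside a larger AWS prefix is also reported), and that ip-ranges.json covers all AWS services including EC2 address space used by arbitrary customers, so a match means "inside AWS", not "trusted AWS service". Because the command fetches https://ip-ranges.amazonaws.com/ip-ranges.json at run time, also document that it needs outbound HTTPS and what it does when the download fails (error out, or silently report nothing).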