How can I check if a source or a destination address is within one of the listed AWS CIDR blocks?
To accomplish this, you can use a lookup table. An example of this can be found in the documentation section "Example using CIDR matching through Panther Console".
You'll also find a suggested detection that can alert you if any VPC traffic comes from a source IP address outside of your company's allowed CIDR blocks.
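The check behind such a detection, as an added example that is not Panther's own detection or lookup-table configuration: it uses Python's standard `ipaddress` module in place of a lookup table. The `srcAddr` field name, the CIDR list and the sample events are assumptions constructed for illustration.

```python
import ipaddress

# Constructed allow-list (assumption); replace with your company's CIDR blocks.
ALLOWED_CIDRS = ["10.0.0.0/8", "192.168.10.0/24", "2001:db8:abcd::/48"]
_NETWORKS = [ipaddress.ip_network(cidr) for cidr in ALLOWED_CIDRS]


def in_cidrs(address, networks=_NETWORKS):
    """Return True/False for membership, or None if the address cannot be parsed."""
    try:
        ip = ipaddress.ip_address(address)
    except (ValueError, TypeError):
        return None
    # Compare only against networks of the same IP version (IPv4 vs IPv6).
    return any(ip.version == net.version and ip in net for net in networks)


def rule(event):
    """Alert when a flow's source address is outside every allowed block."""
    # "srcAddr" is an assumed field name for the flow's source address.
    verdict = in_cidrs(event.get("srcAddr"))
    # None means the record carried no usable address (missing, or "-" as in
    # flow records with no data); there is nothing to compare, so do not alert.
    return verdict is False


# Constructed sample events, not real log data.
SAMPLE_EVENTS = [
    {"srcAddr": "10.1.2.3", "dstAddr": "10.9.9.9"},            # inside 10.0.0.0/8
    {"srcAddr": "203.0.113.7", "dstAddr": "10.9.9.9"},         # outside all blocks
    {"srcAddr": "2001:db8:abcd:1::5", "dstAddr": "10.9.9.9"},  # inside the IPv6 /48
    {"srcAddr": "-", "dstAddr": "-"},                          # no address recorded
]

if __name__ == "__main__":
    for sample in SAMPLE_EVENTS:
        print(sample["srcAddr"], "alert" if rule(sample) else "ok")
```

To test the destination side instead, pass the destination field to `in_cidrs` in the same way.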