Launch announcement: Network Load Balancer now supports security groups

We are happy to announce that Network Load Balancers (NLB) now supports security groups, enabling you to filter the traffic that your NLB accepts and forwards to your application. Using security groups, you can configure rules to help ensure that your NLB only accepts traffic from trusted IP addresses, and centrally enforce access control policies. This improves your application's security posture and simplifies operations.

NLB support for security groups provides new capabilities to help keep your workloads secure. With this launch, cloud administrators and security teams can enforce security group inbound rules, even when the load balancer converts IPv6 traffic to IPv4 or when the targets are in peered VPCs. Additionally, using security group referencing, application owners can restrict access to resources, ensuring that clients access them only through the load balancer. This can help prevent imbalanced load distribution due to direct client access.

If you are using Kubernetes, you can enable security groups on your NLB by using AWS Load Balancer controller version 2.6.0 or later. Enabling NLB security groups using the controller enhances the nodes' security, as inbound rules can be simplified by referencing the NLB security groups. It also provides scaling improvements, as the controller keeps a constant number of security group rules per cluster.

To learn more, please visit the NLB documentation page.