Unwanted endpoints are invoking the application deployed in EC2

0

Hello Team,

In EC2, I have deployed a Flask application on port 8000. For security, I am converting the HTTP requests to HTTPS requests using an Application Load Balancer and Route 53.

I configured the security group to allow only HTTP (8000) and HTTPS (443), and the source is 0.0.0.0/0. I have applied the same security group to the load balancer.

In Network ACL, I am allowing all traffic.

The issue is:

Some unwanted/not configured IP address endpoints are hitting my application. Let's say I have configured the EC2 to 12.23.42.23 and configured domain requests (https://example.com/api/hit), but EC2 is allowing other IP addresses (32.43.23.23). I see many calls from IP addresses that are not configured hitting the application.

So, I tried to restrict the Network ACL to allow only 8000 and 443. But no requests are reaching the server.

Please help with the details of what security groups should be used for EC2 and the load balancer, and also the Network ACL, to allow only 12.23.42.23 and configured domain requests (https://example.com/api/hit).

2 Answers
0

Thanks for the response Kentrad.

I have used a different SG for the ELB, but I still see unwanted endpoints hitting the application.

I want to tell you the configuration used in the EC2 SG, ELB SG, NACL and ELB listeners.

EC2 SG Inbound: EC2 SG Inbound Rules

ELB SG: Application Load Balancer SG

ELB Listeners: Application Load Balancer Listeners

answered a year ago
  • In the EC2 SG inbound rule, change the source on the third rule (TCP/8000) to the ELB SG. Clear out the '0.0.0.0/0' and start typing 'sg-' and a list of SGs will populate. Pick the ELB SG.

0

Use a different SG for the ELB (TCP 8000 from 0.0.0.0/0) than the EC2 Instances (TCP 8000 from the ELB SG). This will force all traffic through the ELB. You don't need to adjust the NACL to make this work.

AWS
EXPERT
kentrad
answered a year ago
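An added example, not part of the thread: a small check over security group data shaped like `describe-security-groups` output that finds instance SG rules exposing port 8000 to any address, and builds the arguments for boto3's `revoke_security_group_ingress` and `authorize_security_group_ingress` so that only the ELB SG is allowed as source. The group ids and the sample rules are constructed placeholders.

```python
import ipaddress

APP_PORT = 8000                       # Flask port from the question
ELB_SG_ID = "sg-0aaaaaaaaaaaaaaaa"    # placeholder id for the load balancer SG
# Constructed sample shaped like `describe-security-groups` output for the instance SG.
INSTANCE_SG = {
    "GroupId": "sg-0bbbbbbbbbbbbbbbb",  # placeholder id
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}

def covers_port(perm, port):
    """True if an ingress permission admits TCP traffic to `port`."""
    if perm["IpProtocol"] == "-1":          # "-1" means all protocols and ports
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def is_any_address(cidr):
    """True for 0.0.0.0/0 and ::/0."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def world_open_rules(sg, port):
    """Permissions on `sg` that let any address reach `port` directly, bypassing the ELB."""
    hits = []
    for perm in sg["IpPermissions"]:
        v4 = [r for r in perm.get("IpRanges", []) if is_any_address(r["CidrIp"])]
        v6 = [r for r in perm.get("Ipv6Ranges", []) if is_any_address(r["CidrIpv6"])]
        if covers_port(perm, port) and (v4 or v6):
            hit = {k: perm[k] for k in ("IpProtocol", "FromPort", "ToPort") if k in perm}
            hit.update({k: v for k, v in (("IpRanges", v4), ("Ipv6Ranges", v6)) if v})
            hits.append(hit)
    return hits

def remediation(sg, elb_sg_id, port):
    """Keyword arguments for boto3's revoke/authorize_security_group_ingress calls."""
    revoke = {"GroupId": sg["GroupId"], "IpPermissions": world_open_rules(sg, port)}
    authorize = {"GroupId": sg["GroupId"], "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
         "UserIdGroupPairs": [{"GroupId": elb_sg_id}]}]}
    return revoke, authorize

if __name__ == "__main__":
    revoke, authorize = remediation(INSTANCE_SG, ELB_SG_ID, APP_PORT)
    print("revoke:", revoke)
    print("authorize:", authorize)
```

Authorize the ELB SG rule before revoking the open one so the load balancer's health checks and forwarded requests are not interrupted.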
