Limit access to MWAA Public Environment UI

I set up a public mwaa environment but i want to limit UI access to only specific IP range I tried to remove everything from the inbound security group that mwaa public environment is using but it is still accessible from the public internet, removing it also caused scheduler to crash but i added 5432 port and it is fixed, that is the only inbound rule that the environment has I am probably missing sth but not sure what Is it possible to limit access to UI ? Thanks

주제

네트워킹 및 콘텐츠 전송 애플리케이션 통합 AWS Well-Architected 프레임워크

태그

아마존 VPC 네트워킹 및 콘텐츠 전송 아파치 에어플로우용 아마존 관리형 워크플로(MWAA)보안 보안 그룹

언어

English

rePost-User-3422586

질문됨 일 년 전287회 조회

1개 답변

최신
최다 투표
가장 많은 댓글

You may limit MWAA UI access using IAM's SourceIp condition: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_IPAddress

John_J

답변함 일 년 전

john
일 년 전
I got an error though

Private IP Address: aws:SourceIp works only for public IP address ranges. The values for condition key aws:SourceIp include only private IP addresses and will not have the desired effect. Update the value to include only public IP addresses

For my private environment there is a route table addressing

Destination lets say 10.1.0.0/16 Target tgw-....

I want to limit my public UI access to only that private ip range

Limit access to MWAA Public Environment UI

관련 콘텐츠