How can we block IP in Security Group where we allowed icmp,http,https to all, should not block in vpc also implement role to instance any other solution

Question

I am having one web server, particular ip is hitting contiously due to which CPU utilization is more and server is running down time.
wants to block the ip in Security Group which is not possible, Iam role and policy but not getting blocked 
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "xxxx/32"
        },
        "StringEquals": {
          "aws:SourceVpc": "vpc-xxxx2ee5fa"
        }
      }
    }
  ]
}
Not working with above policy also.
also we need icmp,http,https to 0.0.0.0/0

Accepted Answer

According to me the solution for this is to connect to the EC2 instance and drop the ip using the command
#Check for IP tables

sudo iptables -A INPUT -s  -j DROP

sudo service iptables save

# Block an IP using firewalld
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="" drop'
sudo firewall-cmd --reload

by following above steps we have block the IP 
tail -f /var/log/httpd/access_log     # to check ip status

But if in the security group if AWS allows us to Drop an option in a custom where we can give the required ip i will be easier but this option we cant find.

Answer

create a rule in your Network Access Control List to deny traffic from that IP

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html

How can we block IP in Security Group where we allowed icmp,http,https to all, should not block in vpc also implement role to instance any other solution

Block an IP using firewalld

관련 콘텐츠