Restrictions to external traffic can be limited by outbound rules in security groups and network ACLs.
In addition, AWS Network Firewall can be used to configure filtering by domain name, like a proxy server.
https://docs.aws.amazon.com/ja_jp/network-firewall/latest/developerguide/suricata-examples.html#suricata-example-domain-filtering
Inbound control: control from NLB to EC2, but security groups cannot be set in NLB.
Therefore, it is necessary to set the necessary security group rules for EC2.
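The domain-name filtering with AWS Network Firewall mentioned above, as an added example that is not part of the original answers: a small Python generator that turns a domain allowlist into Suricata-compatible stateful rules matching the TLS SNI and the HTTP Host header. It assumes a stateful rule group using the default action order with `$HOME_NET` set to the VPC CIDR; the function names, sample domains and starting `sid` are constructed for illustration.

```python
import re

# Plain DNS names only; a leading dot means "this domain and all subdomains".
_DOMAIN = re.compile(r"^\.?([a-z0-9-]+\.)+[a-z0-9-]+$")


def _content(domain, nocase):
    """Build the content-match options for one sticky buffer."""
    if domain.startswith("."):
        opts = ["dotprefix", f'content:"{domain}"']   # subdomain match
    else:
        opts = [f'content:"{domain}"', "startswith"]  # exact host match
    if nocase:
        opts.append("nocase")
    opts.append("endswith")
    return "; ".join(opts)


def build_rules(domains, first_sid=1000001):
    """Return pass rules per allowlisted domain, then drop rules for the rest."""
    rules, sid = [], first_sid
    for raw in domains:
        domain = raw.strip().lower()
        # Reject quotes, semicolons, spaces etc. so input cannot alter the rule.
        if not _DOMAIN.match(domain):
            raise ValueError(f"not a plain domain name: {raw!r}")
        # http.host is already lowercased by Suricata, so nocase is TLS-only.
        for proto, buf, nocase in (("tls", "tls.sni", True),
                                   ("http", "http.host", False)):
            rules.append(
                f"pass {proto} $HOME_NET any -> $EXTERNAL_NET any "
                f"({buf}; {_content(domain, nocase)}; "
                f"flow:to_server, established; sid:{sid}; rev:1;)")
            sid += 1
    for proto in ("tls", "http"):
        rules.append(
            f"drop {proto} $HOME_NET any -> $EXTERNAL_NET any "
            f'(msg:"{proto} host not in allowlist"; '
            f"flow:to_server, established; sid:{sid}; rev:1;)")
        sid += 1
    return rules


if __name__ == "__main__":
    # Constructed sample allowlist.
    print("\n".join(build_rules([".example.com", "api.example.org"])))
```

These rules only cover TLS and HTTP traffic; other outbound protocols still need to be restricted by the security group and network ACL outbound rules.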
The current functionality of AWS NLB does not include support for security groups.
However, you have several alternatives to enhance the security of your NLB. You can leverage:
- Amazon VPC NACLs
- AWS Network Firewall
- Utilize a marketplace firewall in conjunction with AWS Gateway Load Balancer to implement varying levels of protection for your NLB.
Another option is that Application Load Balancers do offer support for security groups as part of their feature set.
Hope it helps.