Restricting incoming NLB traffic to internal IP addresses

Customer has a use case which involves handling TCP traffic (not http or https) in their internal VPC.

Is there a way to restrict source IPs? For an NLB there are no security groups.

Topics

Networking & Content Delivery

Tags

Amazon VPC

Language

English

AWS-User-3928795

asked 3 years ago901 views

1 Answer

NewestMost votesMost comments

Accepted Answer

If the clients are in the same VPC you could simply use an internal NLB, which will only have private IP addresses, and not be available to clients outside the VPC's private connectivity.

When you use an instance type target group on your NLB, the security group rules s of the targets are applied if they refer to the client's source IP or source network CIDR.

EXPERT

zobAWS

answered 3 years ago

Relevant content

Uneven traffic from NLB to the targets in a target group
rePost-User-0853392
asked 7 days ago
Adding a static IP to ELB
atewatia
asked 4 years ago
Using a single Elastic IP and routing on FQDN with UDP requests
AWS-User-2890305
asked a year ago
Forward traffic from NLB to ALB in https
rePost-User-1204407
asked 4 months ago
How can I restrict access to my Amazon S3 bucket using specific VPC endpoints or IP addresses?
AWS OFFICIALUpdated 8 months ago
I host a website on an EC2 instance. How do I allow my users to connect on HTTP (80) or HTTPS (443)?
AWS OFFICIALUpdated 6 months ago
How do I restrict CIDR IP addresses for a LoadBalancer type service in Amazon EKS?
AWS OFFICIALUpdated 2 years ago
What's the source IP address of the traffic that Elastic Load Balancing sends to my web servers?
AWS OFFICIALUpdated a year ago
Best Practices for Distributors in delegating and restricting access privileges to downstream partners
EXPERT
Tong Jun Qun
published 2 months ago
Why is a /24 the smallest IP range that can be used with BYOIP?
EXPERT
Brettski-AWS
published 3 months ago