Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Enabling Shield Advanced on an Internet-Facing NLB Without Elastic IPs

0

I have an internet-facing Network Load Balancer (NLB) currently provisioned without Elastic IP addresses. I want to enable AWS Shield Advanced for enhanced DDoS protection. However, I want to achieve this without causing downtime to my application.

Could you kindly suggest the optimal solution for enabling Shield Advanced in this scenario?

Topics
Security, Identity, & Compliance
Tags
AWS ShieldNetwork Load BalancerDDOS Protection
Language
English
asked 10 months ago110 views
1 Answer
0

Hello.

I think you need to configure an Elastic IP address to protect NLB with Shield Advanced.
Therefore, if you do not configure an Elastic IP for your NLB, it will not be protected in the first place.
https://docs.aws.amazon.com/waf/latest/developerguide/ddos-advanced-summary-protected-resources.html
https://repost.aws/questions/QUTKp1debUTxmhzT1xljB8_w/how-can-we-add-nlb-s-eip-for-shield-advanced-protection-for-aws-auto-assigned-ips#AN_Peu3OHaSiq_A1DEWOl-CQ

It is unclear how you are accessing your NLB from the client, but if you do not currently have an Elastic IP configured, setting one will change the IP address, which may result in a momentary failure to connect.
https://repost.aws/knowledge-center/elb-attach-elastic-ip-to-public-nlb

EXPERT
answered 10 months ago
AWS
EXPERT
reviewed 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content