Unwanted endpoints are invoking the application deployed in EC2

0

Hello Team,

In EC2, I have deployed a Flask application on port 8000. For security, I am converting the HTTP requests to HTTPS requests using an Application Load Balancer and Route 53.

I configured the security groups to allow only HTTP (8000) and HTTPS (443), and the source is 0.0.0.0/0. I have applied the same security group to the load balancer.

In Network ACL, I am allowing all traffic.

The issue is:

Some unwanted/not configured IP address endpoints are hitting my application. Let's say I have configured the EC2 to 12.23.42.23 and configured domain requests (https://example.com/api/hit), but EC2 is allowing other IP addresses (32.43.23.23). I see that many not-configured IP address calls are hitting the application.

So, I tried to restrict the Network ACL to allow only 8000 and 443, but no requests reached the server.

Please help with the details: what security groups should be used for the EC2 instance and the load balancer, and what Network ACL should be used to allow only 12.23.42.23 and the configured domain requests (https://example.com/api/hit)?

2 Answers
0

Thanks for the response Kentrad.

I have used a different SG for the ELB, but I still see unwanted endpoints hitting the application.

I want to tell you the configuration used in the EC2 SG, ELB SG, NACL and ELB listeners.

EC2 SG Inbound: EC2 SG Inbound Rules

ELB SG: Application Load Balancer SG

ELB Listeners: Application Load Balancer Listeners

answered a year ago
  • In the EC2 SG inbound rule, change the source on the third rule (TCP/8000) to the ELB SG. Clear out the '0.0.0.0/0' and start typing 'sg-' and a list of SGs will populate. Pick the ELB SG.

0

Use a different SG for the ELB (TCP 8000 from 0.0.0.0/0) than the EC2 Instances (TCP 8000 from the ELB SG). This will force all traffic through the ELB. You don't need to adjust the NACL to make this work.

kentrad (AWS, EXPERT)
answered a year ago
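
An added example, not part of kentrad's answer or the original thread: a Python check over data shaped like `aws ec2 describe-security-groups` output that flags any instance SG rule letting traffic reach the app port without coming from the load balancer SG. The group IDs and sample rules are constructed placeholders, and treating every CIDR source on the app port as a bypass is an assumption of this check.

```python
# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# All group IDs are placeholders, not values from the thread.
ALB_SG = "sg-0aaaaaaaaaaaaaaaa"  # hypothetical load balancer SG
APP_PORT = 8000                  # Flask port from the question

SAMPLE_GROUPS = [
    {"GroupId": "sg-0bbbbbbbbbbbbbbbb",  # instance SG as described in the question
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8000,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0cccccccccccccccc",  # instance SG after the suggested change
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8000,
          "IpRanges": [], "UserIdGroupPairs": [{"GroupId": ALB_SG}]}]},
]


def covers_port(rule, port):
    """True if the rule's protocol and port range include the given TCP port."""
    if rule["IpProtocol"] == "-1":  # "-1" means all protocols and all ports
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def audit_instance_sg(group, alb_sg, port):
    """Return findings for inbound rules that let traffic bypass the load balancer."""
    gid, findings = group["GroupId"], []
    for rule in group.get("IpPermissions", []):
        if not covers_port(rule, port):
            continue
        # Any CIDR source on the app port is reachable without the ALB.
        for rng in rule.get("IpRanges", []):
            findings.append(f"{gid}: port {port} open to CIDR {rng['CidrIp']}")
        for rng in rule.get("Ipv6Ranges", []):
            findings.append(f"{gid}: port {port} open to CIDR {rng['CidrIpv6']}")
        # Only the load balancer SG should be referenced as a source.
        for pair in rule.get("UserIdGroupPairs", []):
            if pair["GroupId"] != alb_sg:
                findings.append(f"{gid}: port {port} open to SG {pair['GroupId']}")
    return findings


if __name__ == "__main__":
    for sg in SAMPLE_GROUPS:
        result = audit_instance_sg(sg, ALB_SG, APP_PORT)
        print(sg["GroupId"], result or "OK: only the ALB SG reaches the app port")
```
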
