By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS NLB security group

0

Hello all!

I've been considering using a NLB, and was wondering if someone would be kind enough to answer the following questions:

Does AWS NLB have security group?

Can I attach security group to NLB?

How do I protect my AWS NLB?

Do Albs have security groups?

Topics
Networking & Content DeliveryAWS Well-Architected Framework
Tags
Amazon VPCNetworking & Content DeliveryElastic Load BalancingAWS Well-Architected FrameworkSecurity
Language
English
Cloud Dropout
asked 2 years ago20717 views
5 Answers
2

Network Load Balancer now supports security groups

https://aws.amazon.com/about-aws/whats-new/2023/08/network-load-balancer-supports-security-groups/

Raiyan
answered 8 months ago
profile picture
EXPERT
Antonio_Lagrotteria
reviewed 2 months ago
1

The NLB itself doesn't have any security group. Instead, you control access using the security groups(s) attached to the EC2 instances. The source IP address is preserved, so you work with security group configuration (and other firewalls so to speak) as if the client had connected directly to your machine. The load balancer is kind of more transparent than in the ELB/ALB case. Refer https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-network-load-balancer.html for step-by-step instruction.

AWS
Sanjay Aggarwal
answered 2 years ago
  • rePost-User-7627049
    a year ago

    Hi. "Source IP address is preserved" is true if the target group is an instance (and may be in other cases). But NLB masks the client's source IP address in the case of an ECS target. Therefore, the security group on the ECS cannot see the client's original IP address. How can I publish a TCP/UDP ECS service that is not available to everyone?

1

AWS Network Load Balancer does not support security groups today. You can use Amazon VPC NACLs, AWS Network Firewall, and/or a marketplace firewall with AWS Gateway Load Balancer to provide various levels of protection for your NLB. You can also use security groups on your targets if client IP preservation is enabled (see more here about when client IP preservation is supported)

Application Load Balancers do support security groups today.

For more information comparing ALB vs NLB, I suggest you check out this page.

AWS
EXPERT
Scott
answered 2 years ago
0

NLB will connect to the IP of your machine ( any cloud or on-prem ), you must be using a software/tool like firewall or proxy already in your cloud / on-premise to protect the Virtual machines, you can still continue using that for the machine and in AWS NLB will act as only the load balancer with the provided algorithm/configurations

asvignesh
answered 2 years ago
0

Starting Aug 10, 2023, NLB supports Security Group. Please refer https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-security-groups.html

profile picture
Abhijit Ghosh
answered 8 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content