Limit access to MWAA Public Environment UI

I set up a public mwaa environment but i want to limit UI access to only specific IP range I tried to remove everything from the inbound security group that mwaa public environment is using but it is still accessible from the public internet, removing it also caused scheduler to crash but i added 5432 port and it is fixed, that is the only inbound rule that the environment has I am probably missing sth but not sure what Is it possible to limit access to UI ? Thanks

主题

网络和内容交付应用程序集成 AWS 架构完善的框架

标签

亚马逊 VPC 网络和内容交付适用于 Apache Airflow 的亚马逊托管工作流程 (MWAA)安全安全组

语言

English

rePost-User-3422586

已提问 1 年前287 查看次数

1 回答

最新
投票最多
评论最多

You may limit MWAA UI access using IAM's SourceIp condition: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_IPAddress

John_J

已回答 1 年前

john
1 年前
I got an error though

Private IP Address: aws:SourceIp works only for public IP address ranges. The values for condition key aws:SourceIp include only private IP addresses and will not have the desired effect. Update the value to include only public IP addresses

For my private environment there is a route table addressing

Destination lets say 10.1.0.0/16 Target tgw-....

I want to limit my public UI access to only that private ip range

Limit access to MWAA Public Environment UI

相关内容