Restricting incoming NLB traffic to internal IP addresses

0

Customer has a use case which involves handling TCP traffic (not http or https) in their internal VPC.

Is there a way to restrict source IPs? For an NLB there are no security groups.

主题

网络和内容交付

标签

语言

English

AWS-User-3928795

已提问 4 年前2111 查看次数

1 回答

最新
投票最多
评论最多

这些答案有用吗？为正确答案投票，以帮助社区从您的知识中受益。

0

已接受的回答

If the clients are in the same VPC you could simply use an internal NLB, which will only have private IP addresses, and not be available to clients outside the VPC's private connectivity.

When you use an instance type target group on your NLB, the security group rules s of the targets are applied if they refer to the client's source IP or source network CIDR.

专家

已回答 4 年前

相关内容

在S3中使用Glue Crawler，返回403错误（"ciphertext refers to a CMK that doesn't exist." (using SSE-S3, not KMS)）
专家
rePost Polyglot
已提问 2 年前
The ciphertext refers to a customer master key that does not exist, does not exist in this region, or you are not allowed to access (Query Id: b2c74c7e-21ed-4375-8712-cd1579eab9a7)
专家
rePost Polyglot
已提问 5 个月前
由于“Houston, there's a problem”，无法创建新的AWS Amplify应用程序。
专家
rePost Polyglot
已提问 1 年前
NLB 在一个 IP 上停止响应
专家
rePost Polyglot
已提问 5 个月前
如何在 Amazon EMR 中解决系统提示“Failed to start the job flow due to an internal error”？
AWS 官方已更新 1 年前
如何将我的 Site-to-Site VPN 连接配置为优先使用隧道 A 而不是隧道 B？
AWS 官方已更新 2 年前
我从 Amazon S3 桶下载或复制对象时，为什么会出现错误“The ciphertext refers to a customer master key that does not exist, does not exist in this region, or you are not allowed to access”（加密文字指的是不存在、此区域不存在或者您无权访问的客户主密钥）？
AWS 官方已更新 1 年前
我在 EC2 实例上托管了一个网站。如何让我的用户通过 HTTP（80）或 HTTPS（443）进行连接？
AWS 官方已更新 2 年前