Limit access to MWAA Public Environment UI

I set up a public mwaa environment but i want to limit UI access to only specific IP range I tried to remove everything from the inbound security group that mwaa public environment is using but it is still accessible from the public internet, removing it also caused scheduler to crash but i added 5432 port and it is fixed, that is the only inbound rule that the environment has I am probably missing sth but not sure what Is it possible to limit access to UI ? Thanks

主題

網路與內容交付應用程式整合 AWS Well-Architected Framework

標籤

Amazon VPC 網路與內容交付 Amazon Managed Workflows for Apache Airflow (MWAA)安全性安全性群組

語言

English

rePost-User-3422586

已提問 1 年前檢視次數 287 次

1 個回答

最新
最多得票
最多評論

You may limit MWAA UI access using IAM's SourceIp condition: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_IPAddress

John_J

已回答 1 年前

john
1 年前
I got an error though

Private IP Address: aws:SourceIp works only for public IP address ranges. The values for condition key aws:SourceIp include only private IP addresses and will not have the desired effect. Update the value to include only public IP addresses

For my private environment there is a route table addressing

Destination lets say 10.1.0.0/16 Target tgw-....

I want to limit my public UI access to only that private ip range

Limit access to MWAA Public Environment UI

相關內容