I have a large list of IPs (>100) that need to be whitelisted for both inbound and outbound communication on EC2 instances. Is there a way to whitelist them collectively? (The IPs also don't belong to a range and are discontinuous.) We are currently using security groups for whitelisting IPs, but I couldn't find an easy way to whitelist a large collection of IPs.
PS: I tried exploring IP sets in AWS WAF, but it requires setting up an Application Load Balancer; additionally, since we are already using security groups, blocking IPs at the application layer (via WAF) will also block IPs that are already whitelisted at the EC2 level.
Thanks in advance!
CodePudding user response:
For EC2 port access, the best option you have is security groups. But you had better use IaC to manage this, such as Terraform or CloudFormation; it will help you manage the IP list better and keep it all in one file.
Here is a reference for Terraform: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
CodePudding user response:
You can use managed prefix lists, which make it easier to configure and maintain your security groups.
Keep in mind that every entry in the prefix list counts as a rule in your SG, so you will probably need to request an increase of the default quota (60 inbound and 60 outbound rules per security group).
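Putting the two answers together, here is an added Terraform example (it is not code from either answer or from the AWS provider docs) that keeps the whole address list in one place, loads it into a managed prefix list, and references that list from one ingress and one egress rule. The resource names, the `ec2-allowlist` prefix list name, port 443, the `vpc_id` variable and the three sample addresses are all assumptions made for the example; in practice the list would come from a file alongside the configuration.

```hcl
# Added example: a managed prefix list as the single source of truth for an
# EC2 allow-list, wired into a security group for inbound and outbound traffic.

variable "vpc_id" {
  description = "VPC in which the security group is created (assumed input)"
  type        = string
}

locals {
  # Constructed sample addresses (TEST-NET ranges). To load a real list, use
  # something like:
  #   [for l in split("\n", file("${path.module}/allowlist.txt")) : trimspace(l) if trimspace(l) != ""]
  allowed_ips = ["203.0.113.10", "198.51.100.7", "192.0.2.55"]

  # Accept both bare hosts and CIDRs: bare IPv4 addresses become /32 entries,
  # and duplicates are dropped so they do not waste rule quota.
  allowed_cidrs = distinct([
    for ip in local.allowed_ips : can(regex("/", ip)) ? ip : "${ip}/32"
  ])
}

resource "aws_ec2_managed_prefix_list" "allowlist" {
  name           = "ec2-allowlist"
  address_family = "IPv4" # IPv6 addresses need a separate list

  # The prefix list's max_entries, not the number of entries in use, is what
  # counts against the security group rule quota, so keep it close to the
  # real list size and raise the quota before growing past 60.
  max_entries = length(local.allowed_cidrs)

  dynamic "entry" {
    for_each = toset(local.allowed_cidrs)
    content {
      cidr        = entry.value
      description = "allow-listed ${entry.value}"
    }
  }
}

resource "aws_security_group" "app" {
  name        = "app-allowlist-sg"
  description = "Allow traffic only to and from the managed prefix list"
  vpc_id      = var.vpc_id
  # Terraform removes the default allow-all egress rule from this resource,
  # so outbound traffic is restricted to the rule defined below.
}

# One rule per direction, regardless of how many addresses are in the list.
resource "aws_security_group_rule" "ingress_allowlist" {
  type              = "ingress"
  security_group_id = aws_security_group.app.id
  protocol          = "tcp"
  from_port         = 443
  to_port           = 443
  prefix_list_ids   = [aws_ec2_managed_prefix_list.allowlist.id]
}

resource "aws_security_group_rule" "egress_allowlist" {
  type              = "egress"
  security_group_id = aws_security_group.app.id
  protocol          = "tcp"
  from_port         = 443
  to_port           = 443
  prefix_list_ids   = [aws_ec2_managed_prefix_list.allowlist.id]
}
```

Adding or removing an address is then a one-line change to `allowed_ips` followed by `terraform plan`, which shows exactly which prefix list entries change before anything is applied; the security group rules themselves never need editing. Because `max_entries` is what the quota check counts, size it deliberately rather than padding it for future growth.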