Home > OS >  Is it possible to whitelist the IP's of the API gateway in the loadbalancer (AWS)?
Is it possible to whitelist the IP's of the API gateway in the loadbalancer (AWS)?

Time:07-06

I want to restrict the access to my application server by specifying the whitelisted IPs. This is possible by adding them in the security group inbound rules. But my application also uses the API gateway to proxy some of the apis and redirects to the server. Considering the usecase, is it possible for me to whitelist the API gateway?

  • I'm using application load balancer (no provision to use the NLB or other)

Is there any work around?

CodePudding user response:

If you want to block API Call your API Gateway you can use a Ressource Policy on API gateway to block / allow IP.

{
  "Version": "2012-10-17",
  "Statement": [{
      "Effect": "Allow",
      "Principal": "*",
      "Action": "execute-api:Invoke",
      "Resource": "execute-api:/*/*/*"
    },
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "execute-api:Invoke",
      "Resource": "execute-api:/*/*/*",
      "Condition": {
        "NotIpAddress": {
          "aws:SourceIp": ["sourceIpOrCIDRBlock", "sourceIpOrCIDRBlock"]
        }
      }
    }
  ]
}

Yan can also use a AWS WAF in front of your ALB and API Gateway to block or allow IPs

Reference: enter image description here

Page link:https//www.codepudding.com/os/466049.html

Prev:Terraform tries to re-create RDS instance when nothing has changed
Next:AWS CLI - aws ec2 describe-volumes can't ouput volume size and volume type in a table
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding