We want to block access for unknown IP addresses to specific subdomains.
We are using one AWS Application Load Balancer that forwards (subdomain) traffic to specific ECS target groups. Some of these subdomains should not be accessible by unknown IP addresses.
I considered using AWS WAF to block the IPs, but it looks like I can't specify to which subdomains the rule should apply.
CodePudding user response:
I considered using AWS WAF to block the IPs, but it looks like I can't specify to which subdomains the rule should apply.
That's correct. You can't block "access" to a DNS name. The Internet does not work like that. You have to block access to the resources pointed to by the DNS name, such as an EC2 instance or load balancer. But anyone will always be able to "access" your domain.
CodePudding user response:
I think you simply need to use security groups and then specify the IPs allowed to access the subdomain's resources.
- Create an instance for each subdomain.
- Configure its Security Group inbound rules.
- Create a Route 53 record for your subdomains and point them to your instances.
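The three steps above, written out as an added Terraform example (this is not code from the original thread or from AWS; it is an illustration of the answer). The allowed CIDR ranges, the VPC, subnet, AMI and hosted-zone IDs, and the subdomain name are all placeholders to be replaced with your own values.

```hcl
# Added example, not from the original thread. One restricted subdomain:
# a security group that admits only known client ranges, an instance per
# subdomain attached to that group, and a Route 53 record for the subdomain.
# All IDs and addresses below are placeholders.

variable "allowed_cidrs" {
  description = "Known client IP ranges permitted to reach the subdomain (placeholder values)"
  type        = list(string)
  # RFC 5737 documentation ranges used as constructed sample values
  default     = ["203.0.113.0/24", "198.51.100.7/32"]
}

variable "vpc_id" {
  type    = string
  default = "vpc-PLACEHOLDER"
}

variable "subnet_id" {
  type    = string
  default = "subnet-PLACEHOLDER"
}

variable "ami_id" {
  type    = string
  default = "ami-PLACEHOLDER"
}

variable "hosted_zone_id" {
  type    = string
  default = "ZPLACEHOLDER"
}

# Step 2: security group whose inbound rules list only the allowed ranges.
# Security groups deny inbound traffic by default, so with no 0.0.0.0/0
# rule every other source address is dropped before it reaches the service.
resource "aws_security_group" "restricted_subdomain" {
  name        = "restricted-subdomain-sg"
  description = "Allow HTTPS only from known client ranges"
  vpc_id      = var.vpc_id

  ingress {
    description = "HTTPS from allow-listed ranges"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = var.allowed_cidrs
  }

  egress {
    description = "Outbound traffic (responses are covered by stateful tracking)"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Step 1: one instance per restricted subdomain, attached to that group.
resource "aws_instance" "restricted_subdomain" {
  ami                    = var.ami_id
  instance_type          = "t3.micro"
  subnet_id              = var.subnet_id
  vpc_security_group_ids = [aws_security_group.restricted_subdomain.id]

  tags = {
    Name = "restricted-subdomain"
  }
}

# Step 3: Route 53 record pointing the subdomain at the instance's address.
resource "aws_route53_record" "restricted_subdomain" {
  zone_id = var.hosted_zone_id
  name    = "restricted.example.com" # placeholder subdomain
  type    = "A"
  ttl     = 300
  records = [aws_instance.restricted_subdomain.public_ip]
}
```

The point of putting each restricted subdomain on its own resource is that a security group filters by source address on the resource it is attached to, not by hostname: a group attached to the shared load balancer would apply to every subdomain behind it. Run `terraform plan` before applying to confirm that the only ingress rule is the HTTPS rule with your allow-listed ranges.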