If you use ECS as your application orchestration service, you will most likely need some basic knowledge of managing Application Load Balancers (ALBs). At the root level, access to your application can be managed through the ALB's security group. But if you want to allow specific source IP addresses to access a specific URL path, you can achieve that by setting up an ALB listener rule. Here I'm going to show the steps.
Prerequisites:
- AWS account
- IAM access
Let's create an example. You want to allow access to domain/api/* from a pool of IP addresses 126.96.36.199/30 and deny it to anyone else.
Step 1. Navigate to the EC2 console service and from the left menu click on Load Balancers. After that click on
Step 2. The first rule should look like:
IF Source IP is 188.8.131.52/30 AND Path is /api* THEN Forward to application Target Group
Step 3. The second rule is to deny public access.
IF Path is /api* THEN Return fixed response 403
Step 4. The last one should look like:
For any additional questions regarding ALBs or specific ALB listener rules, please leave a comment below. If you find this tutorial useful, follow our official channel on Telegram.
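The two rules from Steps 2 and 3, written in the shape the elbv2 `create_rule` API accepts and checked locally against sample requests. This is an added example, not code from the original tutorial; the priorities 10 and 20, the placeholder target group ARN and the sample client addresses are assumptions, and `fnmatchcase` only approximates ALB wildcard matching.

```python
import ipaddress
from fnmatch import fnmatchcase

TG_ARN = "arn:aws:elasticloadbalancing:REGION:ACCOUNT:targetgroup/PLACEHOLDER"  # placeholder
API_PATH = {"Field": "path-pattern", "PathPatternConfig": {"Values": ["/api*"]}}

# Step 2 (allow) must carry a lower priority number than Step 3 (deny).
RULES = [
    {"Priority": 10,  # assumed priority
     "Conditions": [{"Field": "source-ip",
                     "SourceIpConfig": {"Values": ["188.8.131.52/30"]}}, API_PATH],
     "Actions": [{"Type": "forward", "TargetGroupArn": TG_ARN}]},
    {"Priority": 20,  # assumed priority
     "Conditions": [API_PATH],
     "Actions": [{"Type": "fixed-response",
                  "FixedResponseConfig": {"StatusCode": "403"}}]},
]

def condition_matches(cond, peer_ip, path):
    """peer_ip is the address that connected to the ALB, not X-Forwarded-For."""
    if cond["Field"] == "source-ip":
        ip = ipaddress.ip_address(peer_ip)
        return any(ip in ipaddress.ip_network(cidr)
                   for cidr in cond["SourceIpConfig"]["Values"])
    if cond["Field"] == "path-pattern":  # case-sensitive, * and ? wildcards
        return any(fnmatchcase(path, pat)
                   for pat in cond["PathPatternConfig"]["Values"])
    return False

def evaluate(rules, peer_ip, path):
    """Return the action of the first rule, in priority order, whose conditions all match."""
    for rule in sorted(rules, key=lambda r: r["Priority"]):
        if all(condition_matches(c, peer_ip, path) for c in rule["Conditions"]):
            action = rule["Actions"][0]
            if action["Type"] == "fixed-response":
                return "fixed-response " + action["FixedResponseConfig"]["StatusCode"]
            return action["Type"]
    return "default"  # falls through to the listener's default action

def swap_priorities(rules):
    """Same two rules with the deny rule evaluated first (a common mistake)."""
    return [{**r, "Priority": 30 - r["Priority"]} for r in rules]

if __name__ == "__main__":
    # Constructed sample requests: (client address, path)
    for ip, path in [("188.8.131.53", "/api/users"), ("188.8.131.56", "/api/users"),
                     ("188.8.131.56", "/apikeys"), ("188.8.131.56", "/index.html")]:
        print(ip, path, "->", evaluate(RULES, ip, path))
```

The pattern `/api*` also covers paths such as `/apikeys`, and swapping the two priorities returns 403 to the allowed range as well.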