AWS|How to allow source IP addresses to access specific URL path using an Application Load Balancer

Dec 12, 2021 · 1 min read

If you use ECS as your application orchestration service, you will most likely need some basic knowledge of managing Application Load Balancers (ALBs for short). At the root level, access to your application can be managed through the ALB's security group. But if you want to allow specific source IP addresses to access a specific URL path, you can do so by setting up an ALB listener rule. Here I'm going to show the steps.

Prerequisites

  • AWS account
  • IAM access

Let’s create an example. You want to allow access to domain/api/* from a pool of IP addresses 1.2.3.4/30 and deny it to anyone else.

Solution

Step 1. Navigate to the EC2 console service and from the left menu click on Load Balancers. After that click on Listeners and View/edit rules.

Step 2. The first rule should look like:

IF Source IP is 1.2.3.4/30 AND Path is /api* THEN Forward to application Target Group

Step 3. The second rule is to deny public access.

IF Path is /api* THEN Return fixed response 403

Step 4. The last one should look like:
[Screenshot: third rule]
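
The rule set from Steps 2 and 3 can be checked offline before it is applied. The Python sketch below is an added example, not code from the original post or from AWS: it models how a listener evaluates rules in priority order and returns the action each request would receive. The priority numbers, the `default` stand-in for the last rule (its content is not given in the text), and every client address other than 1.2.3.4/30 are assumptions made for the example.

```python
import ipaddress
import re

def path_matches(pattern, path):
    """ALB path patterns are case-sensitive; '*' = 0+ chars, '?' = exactly 1 char."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, path, flags=re.DOTALL) is not None

def source_matches(cidrs, peer_ip):
    """source-ip is compared with the address that connects to the ALB.
    If clients sit behind a proxy, that is the proxy's address, not the
    value of X-Forwarded-For."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in ipaddress.ip_network(cidr) for cidr in cidrs)

# Rules from Steps 2 and 3. Priorities are assumed; lower numbers are evaluated first.
RULES = [
    {"priority": 1, "source_ip": ["1.2.3.4/30"], "path": "/api*", "action": "forward"},
    {"priority": 2, "source_ip": None, "path": "/api*", "action": "fixed-response-403"},
]
DEFAULT_ACTION = "default"  # assumed stand-in for the last rule

def evaluate(rules, peer_ip, path):
    """Return the action of the first rule whose conditions all match."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["source_ip"] is not None and not source_matches(rule["source_ip"], peer_ip):
            continue
        if not path_matches(rule["path"], path):
            continue
        return rule["action"]
    return DEFAULT_ACTION

if __name__ == "__main__":
    # Constructed sample requests: (peer address, path)
    samples = [
        ("1.2.3.5", "/api/users"),      # inside 1.2.3.4/30 (1.2.3.4 to 1.2.3.7)
        ("1.2.3.8", "/api/users"),      # first address outside the /30
        ("203.0.113.9", "/apidocs"),    # '/api*' also covers paths such as /apidocs
        ("203.0.113.9", "/API/users"),  # different case: neither rule matches
        ("203.0.113.9", "/index.html"),
    ]
    for ip, path in samples:
        print(f"{ip:<12} {path:<12} -> {evaluate(RULES, ip, path)}")
```

If the two priorities are swapped, the 403 rule matches first and the allowed range is blocked as well, so the allow rule must keep the lower priority number.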

Conclusion

For any additional questions regarding ALBs or specific ALB listener rules, feel free to leave a comment below. If you find this tutorial useful, follow our official channel on Telegram.