aws,

AWS|How to allow source IP addresses to access specific URL path using an Application Load Balancer

Dec 12, 2021 · 1 min read · Post a comment
AWS|How to allow source IP addresses to access specific URL path using an Application Load Balancer

Most likely, if you use ECS as your application orchestration service it will require some basic knowledge to manage Application Load Balancers short ALBs. Essentially managing the access of your application can be accomplished through the ALBs security group on a root level. But if you want to allow specific source IP addresses to access a specific URL path it can be achieved by setting up an ALB Listener rule. Here I’m going to show the steps.

Prerequisites

  • AWS account
  • IAM access

Let’s create an example. You want to allow access to domain/api/* from a pool of IP addresses 1.2.3.4/30 and deny it to anyone else.

Solution

Step 1. Navigate to the EC2 console service and from the left menu click on Load Balancers. After that click on Listeners and View/edit rules.

Step 2. The first rule should look like:

IF Source IP is 1.2.3.4/30 AND Path is /api* THEN Forward to application Target Group

firstrule

Step 3. The second rule is to deny public access.

IF Path is /api* THEN Return fixed response 403

secondrule

Step 4. The last one shoud look like:
thirdrule

Conclusion

For any additional questions regarding ALBs or specific alb listener rules please put a comment below. Feel free to leave a comment below and if you find this tutorial useful, follow our official channel on Telegram.