I've got, more or less, the following configuration on AWS:
Elastic Load Balancer with 3 machines in 3 different availability zones. My security group allows 0.0.0.0/0:80 as it's my Rails application (nginx, unicorn).
I was wondering if there's any way to deny access to my app from a specific public IP address? I've been reading the AWS documentation, but as SGs are "deny all" there's no way to deny just one specific IP address.
Any ideas? iptables on the 3 machines behind the load balancer?
Thanks!
Best Answer
A straightforward solution is to use a VPC Network ACL Inbound Rule. This only works if your ELB is in a VPC, but if you've created it in the last few years it should be in the default one.
To ban 1.2.3.4 for example, do the following:
1. Open the VPC console.
2. Choose Network ACLs from the left hand menu.
3. Select the Inbound Rules tab.
4. Click Edit and add a new rule with the following attributes:
There's a bunch more information about Network ACLs here: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html
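The same deny rule as an AWS CLI command, added here as an example and not part of the answer above. It assumes the AWS CLI is installed and credentialed; the ACL id is a placeholder, and the rule must be repeated on the network ACL of every subnet the ELB is placed in (one per availability zone).

```shell
# Added example: build (and optionally run) the aws CLI equivalent of the
# console steps above. acl-0123456789abcdef0 below is a constructed placeholder.

# Return 0 only for a dotted-quad IPv4 address with every octet <= 255.
valid_ipv4() {
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
}

# Usage: nacl_deny_cmd <network-acl-id> <ipv4> <rule-number>
# Prints the command when DRY_RUN is set, otherwise executes it.
nacl_deny_cmd() {
  acl_id=$1; ip=$2; rule=$3
  valid_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 1; }
  # Network ACL rules are evaluated from the lowest number upwards and the
  # first match wins, so the deny must sort before the allow-all rule that
  # the default ACL carries as rule 100.
  [ "$rule" -ge 1 ] && [ "$rule" -lt 100 ] || {
    echo "rule number must be between 1 and 99 to precede the allow rule" >&2
    return 1
  }
  # --protocol -1 means all protocols; /32 limits the deny to the single host.
  set -- aws ec2 create-network-acl-entry --network-acl-id "$acl_id" \
    --ingress --rule-number "$rule" --protocol -1 \
    --cidr-block "$ip/32" --rule-action deny
  if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi
}

# Ban 1.2.3.4 (the example address from the answer) on the placeholder ACL.
DRY_RUN=1 nacl_deny_cmd acl-0123456789abcdef0 1.2.3.4 10
```

Network ACLs are stateless, so unlike a security group this rule blocks the host's inbound packets regardless of any existing connection; check the ELB's subnet associations in the VPC console to find which ACL ids need the rule.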