1 Antwort
- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
0
To address this finding, you can create a security group that allows traffic only from the NLB's security group or from specific IP ranges that are trusted. You can then update your EKS cluster to use this new security group instead of the existing one. Or you could use WAF to filter traffic based on specific criteria, such as IP address or geographic location. This can provide an additional layer of security to your application while still allowing you to preserve client IP addresses.
beantwortet vor einem Jahr
Relevanter Inhalt
- AWS OFFICIALAktualisiert vor 2 Jahren
- AWS OFFICIALAktualisiert vor einem Jahr
- AWS OFFICIALAktualisiert vor 2 Jahren
- AWS OFFICIALAktualisiert vor 2 Jahren
From my understanding if I have client IP preservation, the source IP that I will see will not be from the NLBs but from the client IPs, or am I wrong in this assumption? If this is correct, then I cannot limit an IP range because the public ingress needs to allow everyone to connect to it.