1 Risposta
- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
0
To address this finding, you can create a security group that allows traffic only from the NLB's security group or from specific IP ranges that are trusted. You can then update your EKS cluster to use this new security group instead of the existing one. Or you could use WAF to filter traffic based on specific criteria, such as IP address or geographic location. This can provide an additional layer of security to your application while still allowing you to preserve client IP addresses.
con risposta un anno fa
Contenuto pertinente
- AWS UFFICIALEAggiornata 2 anni fa
- AWS UFFICIALEAggiornata 2 anni fa
- AWS UFFICIALEAggiornata un anno fa
From my understanding if I have client IP preservation, the source IP that I will see will not be from the NLBs but from the client IPs, or am I wrong in this assumption? If this is correct, then I cannot limit an IP range because the public ingress needs to allow everyone to connect to it.