1回答
- 新しい順
- 投票が多い順
- コメントが多い順
0
To address this finding, you can create a security group that allows traffic only from the NLB's security group or from specific IP ranges that are trusted. You can then update your EKS cluster to use this new security group instead of the existing one. Or you could use WAF to filter traffic based on specific criteria, such as IP address or geographic location. This can provide an additional layer of security to your application while still allowing you to preserve client IP addresses.
回答済み 1年前
関連するコンテンツ
- AWS公式更新しました 1年前
- AWS公式更新しました 2年前
From my understanding if I have client IP preservation, the source IP that I will see will not be from the NLBs but from the client IPs, or am I wrong in this assumption? If this is correct, then I cannot limit an IP range because the public ingress needs to allow everyone to connect to it.