- Newest
- Most votes
- Most comments
Hello.
Since it is not possible to set up a firewall with a Lightsail load balancer, why not try setting up an ALB using VPC peering instead?
With ALB, you can restrict IPs using security groups, and you can also set up AWS WAF.
https://repost.aws/knowledge-center/lightsail-add-application-load-balancer
I'm assuming the restrictions are gone as the instance is seeing all traffic as internal from the Load Balancer?
I think this explanation is probably relevant.
If you check the access log of the web server and find that the source IP address is a private IP address, it is possible that the load balancer is accessing using the private IP address.
https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-editing-firewall-rules.html
Firewall rules affect only traffic that flows in through the public IP address of an instance. It does not affect traffic that flows in through the private IP address of an instance, which can originate from Lightsail resources in your account, in the same AWS Region, or resources in a peered virtual private cloud (VPC), in the same AWS Region. For example, if you delete the SSH rule (TCP port 22) from the instance firewall, other instances in the same Lightsail account, and in the same AWS Region, can continue to connect to it using SSH by specifying the private IP address of the instance.
Relevant content
- asked 6 months ago
- asked a year ago
- asked a year ago
AWS OFFICIALUpdated a month ago- AWS OFFICIALUpdated 4 months ago
- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated 4 months ago
