I have a Global Accelerator that points to a Network Load Balancer (that has a security group). According to the AWS documentation, IP address preservation is turned off by default, but it's possible to turn it on.
I can't figure out how to turn on IP address preservation for NetworkLoadBalancerEndpoint through the CDK. NetworkLoadBalancerEndpoint's only properties appear to be NLB and weight.
That’s the code I have written to create the accelerator and the endpoint:
    from aws_cdk import aws_globalaccelerator
    from aws_cdk.aws_elasticloadbalancingv2 import NetworkLoadBalancer
    from aws_cdk.aws_globalaccelerator_endpoints import NetworkLoadBalancerEndpoint
    from constructs import Construct

    # NLB_LISTENING_PORT is a constant defined elsewhere in the project.
    class GlobalAcceleratorConstruct(Construct):
        def __init__(self, scope: Construct, id_: str, nlb: NetworkLoadBalancer) -> None:
            super().__init__(scope, id_)
            accelerator = aws_globalaccelerator.Accelerator(self, 'NlbAccelerator')
            listener = aws_globalaccelerator.Listener(self, 'NlbAcceleratorListener', accelerator=accelerator,
                                                      port_ranges=[aws_globalaccelerator.PortRange(from_port=NLB_LISTENING_PORT)])
            endpoint = NetworkLoadBalancerEndpoint(nlb)
            self._endpoint_group = aws_globalaccelerator.EndpointGroup(self, 'NlbAcceleratorEndpointGroup', listener=listener,
                                                                       endpoints=[endpoint])
2 Answers
You need to enable it in aws_globalaccelerator.Listener.

EDIT: You also need to enable it in your NetworkTargetGroup:
https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk.aws_elasticloadbalancingv2/NetworkTargetGroup.html
https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#client-ip-preservation
Unfortunately, NetworkLoadBalancerEndpoint doesn't support the PreserveClientIP parameter. I hope it will be added somehow in the future.
As a temporary solution, you can use CfnEndpointGroup with EndpointConfigurationProperty.
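
The CfnEndpointGroup workaround from the answer above, as an added example that is not part of the original posts. It assumes the `listener` and `nlb` objects from the question; the function names and the sample template (with placeholder ARNs) are constructed for illustration, and the second function checks `cdk synth` output for endpoint groups that would still hide the client address from the NLB's security group and logs.

```python
def add_nlb_endpoint_group(scope, listener, nlb):
    """Attach `nlb` to `listener` through the L1 CfnEndpointGroup with
    client IP preservation switched on (hypothetical helper name)."""
    # Imported here so the audit helper below also runs without the CDK installed.
    from aws_cdk import Stack, aws_globalaccelerator as ga

    return ga.CfnEndpointGroup(
        scope, "NlbAcceleratorEndpointGroup",
        listener_arn=listener.listener_arn,
        endpoint_group_region=Stack.of(nlb).region,
        endpoint_configurations=[
            ga.CfnEndpointGroup.EndpointConfigurationProperty(
                endpoint_id=nlb.load_balancer_arn,
                client_ip_preservation_enabled=True,
            )
        ],
    )


def endpoints_without_client_ip(template):
    """Return (logical_id, endpoint_id) for every endpoint in a synthesized
    template that does not set ClientIPPreservationEnabled to true."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::GlobalAccelerator::EndpointGroup":
            continue
        for cfg in res.get("Properties", {}).get("EndpointConfigurations", []):
            if cfg.get("ClientIPPreservationEnabled") is not True:
                findings.append((logical_id, cfg.get("EndpointId")))
    return findings


# Constructed sample of synthesized output; the ARNs are placeholders.
SAMPLE_TEMPLATE = {"Resources": {
    "PreservingGroup": {
        "Type": "AWS::GlobalAccelerator::EndpointGroup",
        "Properties": {"EndpointConfigurations": [
            {"EndpointId": "arn:placeholder:nlb-a",
             "ClientIPPreservationEnabled": True}]}},
    "LegacyGroup": {
        "Type": "AWS::GlobalAccelerator::EndpointGroup",
        "Properties": {"EndpointConfigurations": [
            {"EndpointId": "arn:placeholder:nlb-b"}]}},
    "SomeBucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
}}
```
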