Question 272082 in Amazon Web Sevices Question posted in
The official Amazon Web Services documentation can be found here.

Amazon web services – In AWS CDK, how to set ClientIpPreservation on NLB Global Accelerator endpoint?

I have a Global Accelerator that points to a Network Load Balancer (that has a security group). According to AWS documentation, by default the IP address preservation is turned off, But it’s possible to turn it on.

I can’t figure out how to turn on IP address preservation for NetworkLoadBalancerEndpoint through the CDK. NetworkLoadBalancerEndpoint only properties appear to be NLB and weight.

That’s the code I have written to create the accelerator and the endpoint:

class GlobalAcceleratorConstruct(Construct):

def __init__(self, scope: Construct, id_: str, nlb: NetworkLoadBalancer) -> None:
    super().__init__(scope, id_)

    accelerator = aws_globalaccelerator.Accelerator(self, f'NlbAccelerator')

    listener = aws_globalaccelerator.Listener(self, f'NlbAcceleratorListener', accelerator=accelerator,
                                              port_ranges=[aws_globalaccelerator.PortRange(from_port=NLB_LISTENING_PORT)])

    endpoint = NetworkLoadBalancerEndpoint(nlb)
    self._endpoint_group = aws_globalaccelerator.EndpointGroup(self, 'NlbAcceleratorEndpointGroup', listener=listener,
                                                               endpoints=[endpoint])
Tags:

2

Answers


  1. 0

    You need to enable it in aws_globalaccelerator.Listener.

    accelerator = aws_globalaccelerator.Accelerator(self, 'Accelerator')

listener = aws_globalaccelerator.Listener(
    self, 'Listener',
    accelerator=accelerator,
    port_ranges=aws_globalaccelerator.PortRange(port_range),

    # This
    client_affinity=aws_globalaccelerator.ClientAffinity.SOURCE_IP
)

    enter image description here

    EDIT

    You also need to enable it in your NetworkTargetGroup:

    group = listener.add_targets(
    "NetworkTargetGroup",
    targets=targets,
    preserve_client_ip=True
)

    https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk.aws_elasticloadbalancingv2/NetworkTargetGroup.html

    https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#client-ip-preservation

    Login or Signup to reply.
  2. 0

    Unfortunately NetworkLoadBalancerEndpoint doesn’t support PreserveClientIP parameter. I hope it will be added somehow in the future.

    For temporary solution you can use CfnEndpointGroup with EndpointConfigurationProperty.

    endpoint_configurations = []
endpoint_configurations.append(                      
    
aws_globalaccelerator.CfnEndpointGroup.EndpointConfigurationProperty(
                        endpoint_id=load_balancer_arn,
                        weight=128,
                        client_ip_preservation_enabled=True
                    ))

aws_globalaccelerator.CfnEndpointGroup(
            self, 'EndpointGroup',
            listener_arn=listener.listener_arn,
            endpoint_group_region=region,
            endpoint_configurations=endpoint_configurations,
        )
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search