How to restrict access to subdomain based on IP (AWS)?

imChasingShadows
November 3, 2022
250 views
0 votes
2 Answers

We want to block access for unknown ip-addresses to specific subdomains.

We are using one aws application loadbalancer that forwards (subdomain) traffic to specific ECS target groups. Some of these subdomains should not be accessable by unknown ip-addresses.

I considered using AWS WAF to block the ip’s but it looks like i cant specify to which subdomains the rule should apply.

Answers

- Marcin
- November 4, 2022 at 1:43 am
- 0 votes
0
I considered using AWS WAF to block the ip’s but it looks like i cant specify to which subdomains the rule should apply.

That’s correct. You can’t block "access" to dns name. Internet does not work like that. You have to block access to resources pointed to by the dns name, such as an ec2 instance or load balancer. But anyone will always be able to "access" your domain.

Login or Signup to reply.

- ElbashirSaror
- November 4, 2022 at 6:35 am
- 0 votes
0
I think you simply need to use security groups and then specify the ips allowed to access the subdomains resources.
1. Create instance for each subdomain.
2. Configure it’s Security Group inbound rules.
3. Create a route 53 record for your subdomains and point then to your instances.
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.