If you run your application on ECS, you will most likely need some basic knowledge of Application Load Balancers (ALBs). Access to your application is usually controlled at the top level through the ALB's security group. If, however, you want to allow only specific source IP addresses to reach a specific URL path, you can do so with an ALB listener rule. Here I'm going to show the steps.
Prerequisites
- AWS account
- IAM access
Let's create an example. You want to allow access to domain/api/* from a pool of IP addresses 1.2.3.4/30 and deny it to anyone else.
Solution
Step 1. Navigate to the EC2 console and from the left menu click on Load Balancers. After that click on Listeners and View/edit rules.
Step 2. The first rule should look like:
IF Source IP is 1.2.3.4/30 AND Path is /api* THEN Forward to application Target Group
Step 3. The second rule is to deny public access.
IF Path is /api* THEN Return fixed response 403
Step 4. The last one should look like:
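As an added example (not part of the original post), here are the two rules above in the JSON shape that `aws elbv2 create-rule --conditions/--actions` and boto3 accept, together with a small local evaluator that mimics how the ALB walks rules by priority. The target group ARN is a placeholder and the client IPs used in the checks are constructed; the important point it shows is that the allow rule must have the lower priority number, otherwise the 403 rule shadows it.

```python
import fnmatch
import ipaddress
import json

# Constructed example values; the target group ARN is a placeholder.
ALLOWED_CIDR = "1.2.3.4/30"          # covers 1.2.3.4 - 1.2.3.7
API_PATH = "/api*"                   # matches /api, /api/, /api/users, /apix
TARGET_GROUP_ARN = "arn:aws:elasticloadbalancing:REGION:ACCOUNT:targetgroup/PLACEHOLDER"

# Rules in the structure the CLI/boto3 expect. The ALB evaluates rules in
# ascending Priority order and applies the first one whose conditions all match.
RULES = [
    {   # Step 2: trusted CIDR AND /api* -> forward
        "Priority": 10,
        "Conditions": [
            {"Field": "source-ip", "SourceIpConfig": {"Values": [ALLOWED_CIDR]}},
            {"Field": "path-pattern", "PathPatternConfig": {"Values": [API_PATH]}},
        ],
        "Actions": [{"Type": "forward", "TargetGroupArn": TARGET_GROUP_ARN}],
    },
    {   # Step 3: everyone else on /api* -> fixed 403 (StatusCode is a string)
        "Priority": 20,
        "Conditions": [
            {"Field": "path-pattern", "PathPatternConfig": {"Values": [API_PATH]}},
        ],
        "Actions": [{"Type": "fixed-response", "FixedResponseConfig": {
            "StatusCode": "403", "ContentType": "text/plain", "MessageBody": "Forbidden"}}],
    },
]
DEFAULT_ACTION = {"Type": "forward", "TargetGroupArn": TARGET_GROUP_ARN}


def condition_matches(cond, client_ip, path):
    """One condition; its Values are OR-ed, as on the ALB."""
    if cond["Field"] == "source-ip":
        # The ALB checks the TCP source address of the connection, not X-Forwarded-For,
        # so behind a proxy or CDN this is the proxy's address.
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(c) for c in cond["SourceIpConfig"]["Values"])
    if cond["Field"] == "path-pattern":
        # ALB patterns: '*' matches 0+ characters, '?' exactly one; case-sensitive.
        return any(fnmatch.fnmatchcase(path, p) for p in cond["PathPatternConfig"]["Values"])
    raise ValueError(f"unsupported condition field {cond['Field']}")


def evaluate(client_ip, path, rules=RULES):
    """Return the action of the first matching rule, else the listener default."""
    for rule in sorted(rules, key=lambda r: r["Priority"]):
        if all(condition_matches(c, client_ip, path) for c in rule["Conditions"]):
            return rule["Actions"][0]
    return DEFAULT_ACTION


def cli_json(rule):
    """Serialize one rule for `aws elbv2 create-rule --conditions ... --actions ...`."""
    return json.dumps(rule["Conditions"]), json.dumps(rule["Actions"])
```

Swap the two Priority values and `evaluate("1.2.3.5", "/api/users")` returns the 403 response, which is the mistake this ordering check is meant to catch.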
Conclusion
For any additional questions regarding ALBs or specific ALB listener rules, please leave a comment below. If you find this tutorial useful, follow our official channel on Telegram.