AWS EC2 deny single ip address and allow all


The only way to deny sources/IP addresses is to use Network ACLs in the VPC. These operate like a firewall allowing or blocking traffic incoming to your subnet, and operate above the Security Group level (for traffic coming in from external).

Go to your VPC and then Network ACLs. You should already have one that you can apply a rule to, but if not, create one, apply it to the subnet your instance is running in, and explicitly deny the IP address you want to block on port 80.
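Added example (not the answer author's own code): the same deny rule built for the AWS CLI, with a guard that keeps the rule number below the allow rule it must override, since Network ACL entries are evaluated lowest number first and a default NACL allows everything at rule 100. The ACL id and address are constructed placeholders, and the AWS CLI is assumed to be installed and configured.

```shell
#!/bin/sh
# Build (and optionally run) an ingress Network ACL entry that denies TCP/80
# from one IPv4 address. NACLs are stateless, but a deny needs no matching
# egress rule, so only the ingress side is touched.

# Accept only a dotted-quad IPv4 address; NACL CIDRs need /32 for one host.
valid_ipv4() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the AWS CLI command for the deny entry without executing it.
# Args: <acl-id> <ip> <rule-number> [allow-rule-number, default 100]
nacl_deny_ip_cmd() {
    acl_id=$1; bad_ip=$2; rule_no=$3; allow_no=${4:-100}
    valid_ipv4 "$bad_ip" || { echo "invalid IPv4 address: $bad_ip" >&2; return 1; }
    case "$rule_no" in ''|*[!0-9]*) echo "rule number must be numeric" >&2; return 1 ;; esac
    # Rules are evaluated lowest number first; the deny must sit below the
    # allow it overrides or it is never reached.
    if [ "$rule_no" -lt 1 ] || [ "$rule_no" -ge "$allow_no" ]; then
        echo "rule $rule_no would not take precedence over allow rule $allow_no" >&2
        return 1
    fi
    printf 'aws ec2 create-network-acl-entry --network-acl-id %s --ingress --rule-number %s --protocol tcp --port-range From=80,To=80 --cidr-block %s/32 --rule-action deny\n' \
        "$acl_id" "$rule_no" "$bad_ip"
}

# Review the printed command, then apply it with this wrapper.
nacl_deny_ip() {
    cmd=$(nacl_deny_ip_cmd "$@") || return 1
    sh -c "$cmd"
}

# Usage (placeholder ACL id and constructed address):
#   nacl_deny_ip_cmd acl-0123456789abcdef0 203.0.113.10 50   # print only
#   nacl_deny_ip     acl-0123456789abcdef0 203.0.113.10 50   # apply
```

Afterwards, `aws ec2 describe-network-acls --network-acl-ids <acl-id>` shows the new entry alongside the allow rule so you can confirm the ordering and that the ACL is associated with the right subnet.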

Author: ar099968

Updated on September 18, 2022

Comments

  • ar099968
    ar099968 over 1 year

    I have an AWS EC2 instance and want to deny access on port 80 for a single IP address (a bad bot).

    The AWS console seems to support only "allow" rules.

    How do I deny a single IP address?

  • Qwerky
    Qwerky over 7 years
    In addition, make sure to give the rule a higher precedence than the existing default allow-all rule, and also make sure you apply the rule to the correct subnet (if you have more than one).