Restrict HTTP Access to Elastic Beanstalk

Solution 1

I have restricted HTTP access to an Elastic Beanstalk application to only certain IP addresses.
Following is my procedure.

  1. Create a new Beanstalk environment in the VPC (Amazon Virtual Private Cloud).
    Please read the following documents.
    Using AWS Elastic Beanstalk with Amazon VPC
    Example: Launching an AWS Elastic Beanstalk Application in a VPC
    Note: I tried to create a new Beanstalk environment (Tomcat) in the VPC using AWS Toolkit for Eclipse last month, but I could not create it due to a bug in AWS Toolkit for Eclipse. Finally, I was able to create a new Beanstalk environment using the elastic-beanstalk-create-environment command. Therefore I recommend using the elastic-beanstalk-create-environment command.

  2. Create a new Network ACL (a VPC feature), open the inbound tab, and configure it to restrict source IP addresses. Assign this Network ACL to the VPC subnet that has the Beanstalk ELB.

Solution 2

I was able to restrict access to certain IPs from a security group. If you look at an EC2 instance of your application, the security group points to another one (see below).

Find this other security group, which is the one of the elastic load balancer. If you add inbound IP rules to this SG it will be applied to your application.

Hope this helps.

Solution 3

I was able to limit access to folders with the following X-FORWARDED restrictions:

<Directory "/var/www/html/folder_name">
    SetEnvIf X-FORWARDED-FOR x.x.x.x allow
    SetEnvIf X-FORWARDED-FOR a.a.a.a allow
    Order deny,allow
    Deny from all
    Allow from env=allow
</Directory>

This was done in the httpd.conf file, but I'm hoping it will also work in an .htaccess file. However, I'm supposedly not using an ELB, just a single instance and whatever load-balancing AWS may or may not already implement.

Hope this helps.

Author: DeejUK

Updated on September 14, 2022

Comments

  • DeejUK over 1 year

    Is it possible to restrict HTTP access to an Elastic Beanstalk application to only certain IP addresses? I've tried adding rules to my environment's Security Group but these don't appear to be having any effect. Is this because all HTTP traffic is routed through the Elastic Load Balancer, which isn't within the security group?

  • Greg over 8 years
    X-FORWARDED-FOR is easy to spoof
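
Added example (not code from any of the answers above): a sketch of why matching an allowed address anywhere in X-Forwarded-For, as in Solution 3, can be satisfied by a header the client sent itself, and how an application-side check can instead use only the entry appended by a trusted load balancer. The address ranges, the trusted proxy subnet, and all function names are assumptions made up for this illustration.

```python
import ipaddress
import re

# Constructed sample values (documentation ranges), not taken from the page.
ALLOWED = [ipaddress.ip_network("203.0.113.0/24")]
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/16")]  # assumed ELB subnet

def naive_allow(xff):
    """Mimics an unanchored header match: any occurrence in the header passes."""
    return re.search(r"203\.0\.113\.", xff or "") is not None

def _in(addr, nets):
    return any(addr in net for net in nets)

def client_ip(peer, xff):
    """Return the address asserted by the nearest trusted proxy, else the peer."""
    peer_ip = ipaddress.ip_address(peer)
    if not _in(peer_ip, TRUSTED_PROXIES):
        # Direct connection: the header is fully client-controlled, ignore it.
        return peer_ip
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    # Walk right to left: entries appended by trusted proxies come last,
    # everything to the left of the first untrusted hop is unverified.
    for hop in reversed(hops):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            return None  # malformed entry: fail closed
        if not _in(ip, TRUSTED_PROXIES):
            return ip
    return peer_ip  # no usable entry: fall back to the connecting address

def allow(peer, xff):
    ip = client_ip(peer, xff)
    return ip is not None and _in(ip, ALLOWED)
```

This only holds if the instances accept traffic solely from the load balancer, which is what the security group and Network ACL approaches in Solutions 1 and 2 enforce at the network layer.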