Reputation: 53
How to close access to instance to all except load balancer?
I have a web application (nginx + go, by docker) on my ec2 instance. I need to add https. For this I created new certificate in ACM and load balancer(LB, https -> http). Then I added new record in Route53 for LB (for e.g. lb.example.com). Now, my app available by:
I want that my app will available only by https://lb.example.com (by lb, through https). How can I do this ? I can't use server_name in nginx, because LB don't support it.
Thank you.
Upvotes: 0
Views: 32
Answers (1)
Reputation: 13501
On your instance's security group you can allow only HTTPs and, instead of allowing the origin by IP address, use the ID of the ELB security group. This way only traffic coming from the ELB will be accepted by the instances.
See https://aws.amazon.com/blogs/aws/building-three-tier-architectures-with-security-groups/
Upvotes: 1
Related Questions
- Ingress vs Load Balancer
- How to get an AWS EC2 instance ID from within that EC2 instance?
- AWS - SSL/HTTPS on load balancer
- Application Load Balancer (ELBv2) SSL pass through
- AWS request ACM HTTPS certificate for load balancer
- classic load balancer https acm issue
- How to handle requests after Elastic load balancer (AWS) without Server name
- Is ssl termination at AWS load balancer ELB secure?
- Route HTTP request to HTTPS in AWS Load Balancer
- Can't access HTTPS site on Elastic Beanstalk after configuring HTTPS in the load balancer