Sujan Sundareswaran

Reputation: 2531

Restrict API access to a single source IP

  1. User visits my website, which is a static site on EC2.

  2. On purchasing, after PayPal checkout, the index file on my site sends a request to an API server to get the zip file.

  3. The API server, also on EC2, responds with the zip file and link.

I want to ensure that the API server / endpoint responds only if the request has come from my site's index.html file, but I cannot use Security Groups to filter out the IP, because when the call is made from the index.html file, the originating IP is the client's IP.

Upvotes: 2

Views: 1485

Answers (2)

Ashan

Reputation: 19728

This is simply not possible with IP filtering; as you clearly identified, the client IP changes since the request is coming from index.html.

If your motive is to reduce threats to your EC2 instance, use a web application firewall like AWS WAF to filter traffic sent to the EC2 instance.

Also configure CORS properly to prevent requests from any other origins.

Upvotes: 0
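An added example, not part of the answer above: one way an API server could apply the per-origin CORS allowlist that answer mentions. The origin value, the function name `cors_decision` and the header choices are assumptions made for illustration.

```python
# Added example: names and origin values are assumptions, not from the thread.
ALLOWED_ORIGINS = {"https://shop.example.com"}  # hypothetical site origin
ALLOWED_METHODS = "POST, OPTIONS"
ALLOWED_HEADERS = "Content-Type"


def cors_decision(method, headers):
    """Return (status, response_headers) for the CORS part of a request.

    A status of None means: continue to the real handler and add these headers.
    """
    # HTTP header names are case-insensitive.
    h = {k.lower(): v for k, v in headers.items()}
    origin = h.get("origin")
    # Vary: Origin keeps caches from reusing one origin's response for another.
    out = {"Vary": "Origin"}

    if origin is None:
        # No Origin header: not a cross-origin browser request (for example a
        # command-line client). CORS does not apply, so no allow header is sent.
        return (None, out)

    if origin not in ALLOWED_ORIGINS:
        # Exact string match only: no wildcard and no suffix or substring
        # matching, so "https://shop.example.com.other.example" is refused.
        return (403, out)

    out["Access-Control-Allow-Origin"] = origin  # echo the single matched origin
    if method == "OPTIONS" and "access-control-request-method" in h:
        # Preflight request: answer it without running the real handler.
        out["Access-Control-Allow-Methods"] = ALLOWED_METHODS
        out["Access-Control-Allow-Headers"] = ALLOWED_HEADERS
        out["Access-Control-Max-Age"] = "600"
        return (204, out)
    return (None, out)
```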

Harsh Manvar

Reputation: 30083

If your website is hosted somewhere that is not on EC2 and sends API requests to your EC2 instance, then you can use an AWS security group for this.

Define a security group with a custom IP and port so that only requests from that IP go to that particular EC2 instance and trigger your API.

In simple terms: only the IP you define in the security group is able to send requests to the EC2 instance.

Upvotes: 1
