IP/URL Whitelisting with AWS
Security is always a top priority for any software. When we host an application in a production environment, we usually have some services or applications that should be reachable only from whitelisted (trusted) sources, such as API URLs or an internal audit dashboard. This article explains how to manage IP whitelisting when those services or applications are hosted on AWS.
One option is to manage the whitelist with an AWS Application Load Balancer (ALB), where a listener rule with a source-IP condition lets us allow traffic only from the trusted addresses.
The ALB listener rule screenshot below shows two rules:
- One URL, "linuxhosttest-b.****.com", is open to everyone from anywhere; that is the first rule in the screenshot.
- Another URL, "linuxhosttest-b.******", is open only from two source IPs; that is the second rule in the screenshot.
The limitation here is that one rule can hold at most 5 source IPs. If we have more IPs, we can either use WAF or create multiple rules and add up to 5 IPs to each of them.
The second option is AWS WAF: create an IP set, then reference that IP set from a WAF web ACL rule so that traffic is allowed only from the IPs in that list.
Create IP sets:
Apply IP set with web ACL rule:
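The two options above, expressed as request payloads instead of console screenshots, as an added example that is not part of the original post: `alb_rules_for_host` splits an allow-list into listener rules of at most 5 source IPs each (the `elbv2 create-rule` shape), `waf_ip_set` and `waf_web_acl` build the `wafv2 create-ip-set` and `wafv2 create-web-acl` bodies with a default Block and a single Allow rule. Nothing is sent to AWS; the target-group and IP-set ARNs are placeholders the caller supplies.

```python
import ipaddress

ALB_MAX_SOURCE_IPS_PER_RULE = 5  # per-rule limit noted above

def normalize_cidrs(ips):
    # ALB source-ip conditions and WAF IP sets both take CIDR blocks, so a bare
    # address becomes /32 (IPv4) or /128 (IPv6); malformed input raises ValueError.
    return [str(ipaddress.ip_network(ip.strip(), strict=False)) for ip in ips]

def alb_rules_for_host(host, ips, target_group_arn, base_priority=10):
    # One listener rule per chunk of at most five source IPs, every rule also
    # pinned to the host header so rules for other hosts are unaffected.
    cidrs = normalize_cidrs(ips)
    rules = []
    for n, start in enumerate(range(0, len(cidrs), ALB_MAX_SOURCE_IPS_PER_RULE)):
        chunk = cidrs[start:start + ALB_MAX_SOURCE_IPS_PER_RULE]
        rules.append({
            "Priority": base_priority + n,
            "Conditions": [
                {"Field": "host-header", "HostHeaderConfig": {"Values": [host]}},
                {"Field": "source-ip", "SourceIpConfig": {"Values": chunk}},
            ],
            "Actions": [{"Type": "forward", "TargetGroupArn": target_group_arn}],
        })
    return rules

def waf_ip_set(name, ips, scope="REGIONAL"):
    # A WAF IP set holds one address family only; a mixed list needs two sets.
    cidrs = normalize_cidrs(ips)
    versions = {ipaddress.ip_network(c).version for c in cidrs}
    if len(versions) != 1:
        raise ValueError("IPv4 and IPv6 addresses need separate IP sets")
    return {"Name": name, "Scope": scope,
            "IPAddressVersion": "IPV4" if versions == {4} else "IPV6",
            "Addresses": cidrs}

def waf_web_acl(name, ip_set_arn, scope="REGIONAL"):
    # Default action Block plus one Allow rule referencing the IP set: any
    # request whose source is not in the set is rejected before reaching the ALB targets.
    metrics = {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True}
    return {
        "Name": name, "Scope": scope,  # web ACLs attached to an ALB are REGIONAL
        "DefaultAction": {"Block": {}},
        "Rules": [{
            "Name": "allow-trusted-ips", "Priority": 0,
            "Statement": {"IPSetReferenceStatement": {"ARN": ip_set_arn}},
            "Action": {"Allow": {}},
            "VisibilityConfig": {**metrics, "MetricName": "allow-trusted-ips"},
        }],
        "VisibilityConfig": {**metrics, "MetricName": name},
    }
```

With the ALB approach, requests for the restricted host that match no rule fall through to the listener's default action, so that default must not forward to the protected target group (a fixed 403 response is the usual choice). The ALB source-ip condition matches the address of the connection itself, so behind a CDN or proxy it sees the proxy's address rather than the client's.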