How to block all requests to /actuator on AWS - amazon-web-services

We have a Spring Boot application running as a single instance (there is no load balancer) on AWS Elastic Beanstalk.
The question is how to protect/block the /actuator path so that only admins could access it.

You can't without a load balancer.
With an ALB you can configure some settings to restrict access, but not with custom authentication.
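An added example (not code from the thread) of what the ALB-side restriction the answer alludes to looks like, as a CloudFormation fragment: one listener rule forwards /actuator requests from the admins' source range to the application, and a second rule answers everyone else with a fixed 403 so the request never reaches the instance. A single-instance Beanstalk environment has no ALB, so the environment type has to be switched to load balanced first. The listener ARN, target group ARN and the admin CIDR are assumptions passed in as parameters; the default CIDR is a documentation placeholder range.

```yaml
# Added example, not part of the original thread.
# Two ALB listener rules that gate /actuator by source IP.
Parameters:
  HttpsListenerArn:
    Type: String                   # assumption: ARN of the environment's HTTPS listener
  AppTargetGroupArn:
    Type: String                   # assumption: ARN of the Beanstalk target group
  AdminCidr:
    Type: String
    Default: 203.0.113.0/24        # assumption: the admins' egress range (placeholder)

Resources:
  # Rule 1: admins' source range may reach /actuator and is forwarded to the app.
  # Both conditions must match (AND), so the path alone is not enough.
  AllowAdminActuator:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      ListenerArn: !Ref HttpsListenerArn
      Priority: 10                 # lower number is evaluated first
      Conditions:
        - Field: path-pattern
          PathPatternConfig:
            Values: ["/actuator", "/actuator/*"]
        - Field: source-ip
          SourceIpConfig:
            Values: [!Ref AdminCidr]
      Actions:
        - Type: forward
          TargetGroupArn: !Ref AppTargetGroupArn

  # Rule 2: any other client asking for /actuator gets a fixed 403 from the ALB.
  DenyActuator:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      ListenerArn: !Ref HttpsListenerArn
      Priority: 11
      Conditions:
        - Field: path-pattern
          PathPatternConfig:
            Values: ["/actuator", "/actuator/*"]
      Actions:
        - Type: fixed-response
          FixedResponseConfig:
            StatusCode: "403"
            ContentType: text/plain
            MessageBody: Forbidden
```

Two checks before relying on this: the instance security group must accept HTTP only from the load balancer's security group, otherwise the rules are bypassed by connecting to the instance's own address; and a path rule is a perimeter control keyed on source IP, not on who the caller is, so an application-level check on the Actuator endpoints is still the control that survives a topology change.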

Related

How to use CloudFront for path-based routing between EC2 and Amplify with the same domain name?

I have an API on an AWS EC2 instance with the route domain.com/api. And I have deployed a Next.js app on Amplify which I want to show on the home page of my domain.com. How to use CloudFront to distinguish between the two and send resources accordingly?
I have managed to set up CloudFront, but it is throwing an access denied error. I have set up a load balancer for my EC2 instance also. What might be wrong here?
The API on EC2 and the app on Amplify are working independently. I have checked them both.

AWS Beanstalk private load balancer access

I have a Beanstalk app in private subnets and a load balancer in private subnets. I assumed that performing curl to <beanstalk app load balancer> (the URL I see in the list of Beanstalk apps under the Environments section) would allow me to access it if I do it from inside a session started by Session Manager directly on that particular Beanstalk app.
But the connection can't be established. I am not sure what should be configured additionally. Is it possible to achieve that, and how?

Automatically Blocking Suspicious IPs on Elastic Beanstalk instance

I have an Elastic Beanstalk instance that is running a Flask app. I want to know if there is any way through AWS to automatically block IP addresses that are doing unusual activity on my site.
This could be a range of things, for example:
Sending several GET requests over and over
Trying to POST without a CSRF token
And more. Any ideas? Thanks.
Generally, for that you would front your EB environment with an Application Load Balancer and AWS Web Application Firewall (WAF).
This setup is documented in a recent AWS blog post and other sources:
How do I protect my Elastic Beanstalk environment against attacks from known unwanted hosts?
Setting up AWS Web Application Firewall (WAF) with Elastic Beanstalk
Guidelines for Implementing AWS WAF
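An added example, not taken from the answer or the linked AWS posts, of the WAF side of that setup as a CloudFormation fragment: a regional WAFv2 web ACL attached to the ALB in front of the environment, with a rate-based rule that blocks any source IP exceeding a request budget per 5-minute window, plus the AWS-managed common rule set for known-bad request patterns. The ALB ARN and the request budget are assumptions supplied as parameters.

```yaml
# Added example, not part of the original thread.
# WAFv2 web ACL: rate-limit floods per source IP, then apply AWS managed rules.
Parameters:
  AlbArn:
    Type: String                   # assumption: ARN of the ALB fronting the environment
  RequestsPer5Min:
    Type: Number
    Default: 500                   # assumption: tune to real traffic; WAF enforces a lower bound

Resources:
  EbWebAcl:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: eb-flask-acl
      Scope: REGIONAL              # REGIONAL for ALB/API Gateway; CloudFront needs CLOUDFRONT
      DefaultAction:
        Allow: {}
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: ebFlaskAcl
      Rules:
        # Rule 0: any single IP over the budget in a 5-minute window is blocked
        # until its rate drops back under the limit.
        - Name: block-floods
          Priority: 0
          Action:
            Block: {}
          Statement:
            RateBasedStatement:
              Limit: !Ref RequestsPer5Min
              AggregateKeyType: IP
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: blockFloods
        # Rule 1: AWS-managed signatures (bad bots, scanner probes, etc.).
        # OverrideAction None keeps the group's own block/count decisions.
        - Name: aws-common-rules
          Priority: 1
          OverrideAction:
            None: {}
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesCommonRuleSet
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: awsCommonRules

  EbWebAclAssociation:
    Type: AWS::WAFv2::WebACLAssociation
    Properties:
      ResourceArn: !Ref AlbArn
      WebACLArn: !GetAtt EbWebAcl.Arn
```

The rate-based rule covers the "several GET requests over and over" case; a missing CSRF token is something only the Flask app can recognise, so that one stays an application-level check (reject the request and log it, then feed the offending IP into an IP set rule if you want WAF to block it afterwards).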

aws ecs: creating access credentials

I have created a Flask app using ECS Fargate.
On this setup, I have a security group attached to the load balancer where I can adjust the inbound rules with the IPs that I want to have access to this app. That works OK.
However, what I want is to attach authentication credentials to Fargate in order to give access to the ones having these tokens, instead of using the IP rules that I am using now.
Is there a way to do it in AWS, or do I need to do it internally in the Flask app?
Thanks

AWS API Gateway client-side certificate with AWS Certificate Manager for Elastic Beanstalk ELB

I have a front-end hosted on a server which calls the back-end server, i.e. an Elastic Load Balancer (ELB); I am using Elastic Beanstalk for deployments, hence it takes care of autoscaling.
Ember/Front-end -> ELB -> Autoscaled EC2 instances with Nginx servers
Now I want to add API Gateway in between and ensure that the ELB takes requests from API Gateway only. I found that here.
But I am using AWS Certificate Manager to push my SSL certificates, and I am not sure how to use the PEM file/cert provided by API Gateway.
Is it possible to push the API Gateway-provided client-side cert file through Certificate Manager (console/CLI/anywhere) along with the SSL certs that I bought?
Is it possible to terminate SSL at the ELB and use the API Gateway key?
To my horror, do I need to manually configure the certs in the nginx config in the .ebextensions file? If yes, then is there a better way to not push the files to the code repo and use them separately?
The best way to do this is:
If you are using Elastic Beanstalk in a VPC and do not want to rebuild the configuration, then create an Elastic Load Balancer and attach it to a target group which targets an Auto Scaling group's instances (make sure to attach the target group in the Auto Scaling group configuration as well, so that it stays connected even when the instances are scaled up/down).
Or build a new configuration using a Network Load Balancer. Make sure that the Network Load Balancer is of scheme private, i.e. not exposed to the public internet.
The next step is to create a VPC Link in API Gateway (you see an option in the API Gateway console's left menu bar).
More information: https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-private-integration.html
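An added example, not from the answer or the linked AWS page, of the last step of that procedure as a CloudFormation fragment: a REST API whose greedy proxy route is relayed through a VPC link to the internal NLB, so the back-end is reachable only from API Gateway and not from the internet. The internal NLB, its target group and the Auto Scaling group attachment are assumed to exist already, created as the answer describes; only the NLB's ARN and DNS name are passed in, and the integration is assumed to talk plain HTTP to the NLB inside the VPC while client TLS terminates at API Gateway.

```yaml
# Added example, not part of the original thread.
# API Gateway REST API -> VPC Link -> internal NLB in front of the Beanstalk instances.
Parameters:
  PrivateNlbArn:
    Type: String                   # assumption: ARN of the internal (scheme: internal) NLB
  PrivateNlbDnsName:
    Type: String                   # assumption: that NLB's DNS name, listening on TCP 80

Resources:
  BackendVpcLink:
    Type: AWS::ApiGateway::VpcLink
    Properties:
      Name: eb-backend-link
      TargetArns:
        - !Ref PrivateNlbArn

  Api:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: eb-front-door
      EndpointConfiguration:
        Types: [REGIONAL]

  # Greedy path so every route of the back-end is relayed unchanged.
  ProxyResource:
    Type: AWS::ApiGateway::Resource
    Properties:
      RestApiId: !Ref Api
      ParentId: !GetAtt Api.RootResourceId
      PathPart: "{proxy+}"

  ProxyMethod:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref Api
      ResourceId: !Ref ProxyResource
      HttpMethod: ANY
      AuthorizationType: NONE      # assumption: replace with the authorizer/API key the front-end uses
      RequestParameters:
        method.request.path.proxy: true
      Integration:
        Type: HTTP_PROXY
        IntegrationHttpMethod: ANY
        ConnectionType: VPC_LINK   # traffic leaves API Gateway only through the VPC link
        ConnectionId: !Ref BackendVpcLink
        Uri: !Sub "http://${PrivateNlbDnsName}/{proxy}"
        RequestParameters:
          integration.request.path.proxy: method.request.path.proxy

  Deployment:
    Type: AWS::ApiGateway::Deployment
    DependsOn: ProxyMethod
    Properties:
      RestApiId: !Ref Api
      StageName: prod
```

With the NLB internal and the instances in private subnets, nothing on the internet can reach the back-end except via this API, which is what the question wanted the API Gateway client certificate for; the certificate is then not needed, and the ACM certificate stays where it is on the public-facing side. If the NLB must carry TLS instead of TCP 80, switch the Uri to https and give the NLB a TLS listener.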