
I want to do this in order to block a brute force attack we've been receiving.

It is important to mention that the IP addresses for those webservers change daily. Currently we are updating the restriction every day.

Is it possible to use an alias for the webserver?

Ced
  • Are your databases AWS hosted, or are they elsewhere (on-prem)? If on-prem, what kind of firewall are you using? How are you connecting your EC2 servers to your database? -- I ask these because we have an on-prem DB that a cloud host connects to, and we protect it with some app-aware rules in a L7 firewall (plus, you know, encryption around encryption of encrypted data -- that is encryption at tunnel/transit/rest -- because safe is more important than cycles for the data access) – Ruscal Jan 09 '18 at 21:32
  • My database server is an EC2 instance in AWS, as well as my web servers – Ced Jan 09 '18 at 21:51
  • 2
    In that case, look at @ceejayoz 's absolutely perfect answer below https://serverfault.com/a/891469/189670 – Ruscal Jan 09 '18 at 22:26
  • 1
    That you apparently have a database server in a public subnet is a truly terrifying state of affairs. – womble Jan 10 '18 at 01:21

1 Answer

AWS security groups allow you to grant access by security group ID rather than IP addresses, which sounds like what you're looking for - changes in IP address won't matter.

In your database servers' security group, permit traffic from your webserver's security group ID. Block all other traffic.

Example:

[screenshot of the security group inbound rule; image not included in this copy]

ceejayoz
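As an added example (not code from the answer or from AWS), the following builds the IpPermissions entry that EC2's AuthorizeSecurityGroupIngress API expects when the source is a security-group ID rather than a CIDR, and audits a database security group's rules for anything still granting the port to a CIDR or to an unexpected group. Group IDs, port and CIDR are constructed placeholders.

```python
# Added example: express the "allow the web tier by security-group ID" rule from the
# answer as an EC2 IpPermission, and audit an existing rule set for stale CIDR grants.
# Group IDs and addresses are constructed placeholders, not real resources.

def webserver_ingress_rule(web_sg_id: str, port: int = 3306) -> dict:
    """IpPermission entry admitting only instances in web_sg_id to `port` (IDs, not IPs)."""
    return {
        "IpProtocol": "tcp",
        "FromPort": port,
        "ToPort": port,
        "UserIdGroupPairs": [{"GroupId": web_sg_id,
                              "Description": "web tier, referenced by security group"}],
    }


def audit_db_ingress(permissions: list, allowed_sg_ids: set, port: int = 3306) -> list:
    """Return findings for rules that expose `port` to anything other than allowed_sg_ids."""
    findings = []
    for perm in permissions:
        # "-1" is the all-traffic protocol and carries no port range.
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        if perm.get("IpProtocol") not in ("tcp", "-1") or not (lo <= port <= hi):
            continue
        for r in perm.get("IpRanges", []):
            findings.append(f"CIDR {r['CidrIp']} can reach port {port}")
        for r in perm.get("Ipv6Ranges", []):
            findings.append(f"CIDR {r['CidrIpv6']} can reach port {port}")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] not in allowed_sg_ids:
                findings.append(f"unexpected group {pair['GroupId']} can reach port {port}")
    return findings


# Constructed sample: yesterday's hand-maintained IP grant alongside the SG-based rule.
WEB_SG_ID = "sg-0web0000000000001"
DB_SG_RULES = [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
    webserver_ingress_rule(WEB_SG_ID),
]

if __name__ == "__main__":
    # The CIDR grant is flagged; once it is removed, only the group reference remains,
    # so the web servers' daily IP changes no longer require any edits.
    for finding in audit_db_ingress(DB_SG_RULES, {WEB_SG_ID}):
        print("finding:", finding)
```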