Not sure if this is the right forum to ask this. Please redirect me if possible.

I have a specific endpoint in my node/express application that I want to lock down to certain IPs. All the other endpoints should be open to the public.

Is this possible using EC2 security groups? Or do I need to create a separate service to just host this endpoint on a different port and restrict that port to certain IPs?

kane

2 Answers


If you can put the endpoint on a different port than the rest of the endpoints use, then you could do it all on the same machine - but if all of the endpoints are available on the very same port, it won't work and you would need to use something other than security groups to control access.

E.J. Brennan
  • OK, thanks for confirming. I currently have the endpoint on a separate port. I'll post how to do that for others – kane Apr 13 '18 at 20:05

Here's my current approach. Instead of another application/process, I just create another express() instance and listen on a different port, like so:

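var express = require('express');

// Public API: the security group allows all IPs to port 3000
var appMain = express();
appMain.get('/api/public', function (req, res) {
  res.send('public');
});
appMain.listen(3000);

// Private API: the security group restricts port 3001 to certain IPs
var appPrivate = express();
appPrivate.get('/api/private', function (req, res) {
  res.send('private');
});
appPrivate.listen(3001);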

Then I use EC2 security groups to allow all IPs to port 3000, and restrict IPs to port 3001.

I'm not sure if you can do this with other app servers, but this is my approach with node.

kane
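
For the case in the first answer where every endpoint shares one port, or as a second layer behind the security group on the private port, the check can be made in the application itself. The following is an added example, not code from either poster: `ALLOWED_CIDRS`, `isAllowed` and `restrictToAllowlist` are hypothetical names, the CIDR ranges are constructed documentation addresses, and only IPv4 is handled (anything else is denied).

```javascript
// Constructed sample allowlist (RFC 5737 documentation ranges).
const ALLOWED_CIDRS = ['203.0.113.0/24', '198.51.100.7/32'];

// Dotted-quad IPv4 -> unsigned 32-bit integer, or null if malformed.
function ipv4ToInt(ip) {
  const parts = String(ip).split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// Node reports IPv4 peers on dual-stack sockets as "::ffff:a.b.c.d".
function normalize(addr) {
  const m = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/i.exec(addr || '');
  return m ? m[1] : addr;
}

function inCidr(ip, cidr) {
  const [base, bitsStr] = cidr.split('/');
  const bits = bitsStr === undefined ? 32 : Number(bitsStr);
  const ipN = ipv4ToInt(normalize(ip));
  const baseN = ipv4ToInt(base);
  if (ipN === null || baseN === null) return false; // fail closed
  if (!Number.isInteger(bits) || bits < 0 || bits > 32) return false;
  if (bits === 0) return true;
  const mask = (0xffffffff << (32 - bits)) >>> 0;
  return ((ipN & mask) >>> 0) === ((baseN & mask) >>> 0);
}

function isAllowed(addr) {
  return ALLOWED_CIDRS.some((cidr) => inCidr(addr, cidr));
}

// Express-style middleware. It checks the TCP peer address rather than
// X-Forwarded-For, which the client can set to any value.
// Usage: app.get('/api/private', restrictToAllowlist, handler);
function restrictToAllowlist(req, res, next) {
  if (isAllowed(req.socket.remoteAddress)) return next();
  res.statusCode = 403;
  res.end('Forbidden');
}
```

Behind a load balancer or reverse proxy, `req.socket.remoteAddress` is the proxy's address, so the allowlist then has to be evaluated against a client address supplied by a proxy you control.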