Using whitelisted IP Addresses on client's firewall

Question

I am newbie to AWS. So, I thought of asking this. Let's say that my web service clients can access only whitelisted IP addresses on their firewalls for security reasons. Moreover, I have an ELB in front of an EC2 instance running, say, basic index.html file.

I've two Questions:

I think one way to solve this would be to use an NLB (network load balancer) with associated Elastic IP. (NLB does support Elastic IP.) Am I right?
Can I use an A record in Route 53 hosted zone pointing to Elastic IP address? I am curious based on discussion (Use of Elastic IP address in Route 53 not working). I'd appreciate any insights.

It is preferred if you can post separate questions instead of combining your questions into one. That way, it helps the people answering your question and also others hunting for at least one of your questions. — peacetype, Oct 01 '20 at 05:41
@peacetype: Respectfully, I don't think the two questions are different. Both the questions are related to the same topic, and they are inter-related. — awsuser2021, Oct 01 '20 at 05:51

John Rotenstein · Accepted Answer · 2020-10-01T21:04:55.027

2

A few options:

Use a Network Load Balancer instead of an Application Load Balancer. An NLB can use a static IP address.
Use AWS Global Accelerator to have a static IP address that redirects to the Application Load Balancer.
Put an NLB in front of the ELB. See: Using static IP addresses for Application Load Balancers | Networking & Content Delivery

You could then configure a domain name to point to the Elastic IP address. Then, your users should:

Whitelist the Elastic IP address
Access the service via the domain name

edited Oct 01 '20 at 21:04

answered Oct 01 '20 at 10:32

John Rotenstein

241,921
22
380
470

Thanks John. Will using an "A record" in Route 53 work? I'd appreciate your thoughts. – awsuser2021 Oct 01 '20 at 19:04
Yes. I've added some information. – John Rotenstein Oct 01 '20 at 21:05
Thank you so much, John. If I could summarize your thoughts: we need an NLB or Global Accelerator for static address. Then, we can create an "A Record" in Route 53 to point to this static address. Moreover, clients will whitelist the Elastic IP address. Did I capture it correctly? Thanks again so much for your help. I am a newbie, and this is extremely helpful for me. – awsuser2021 Oct 02 '20 at 18:15
Yes, that is correct. Or, you could swap out the Application Load Balancer and replace it with a Network Load Balancer. If suitable, that's simpler. – John Rotenstein Oct 02 '20 at 21:35
Thanks John! I appreciate your help. – awsuser2021 Oct 03 '20 at 17:57

Using whitelisted IP Addresses on client's firewall

1 Answers1