
At the time of posting this, there is a hard limit of 1000 inbound rules per VPC in AWS that cannot be increased. It is calculated as such:

Inbound or outbound rules per Security Group * Security groups per network interface cannot exceed 1000

So you can have: 5 SGs each with 200 rules, or 6 SGs each with 166 rules, and so on

This poses an issue when you need to allow more than 1000 inbound rules into a VPC.

An alternative way to control inbound traffic is Network ACLs, so you can have up to 200 Network ACLs with 20 rules per network ACL per VPC, but this controls traffic at the subnet level rather than the instance level, so theoretically it is possible to set more inbound rules using ACLs.

That said, I am wondering if there are any other common ways to control inbound traffic to EC2 instances that would allow me to whitelist more than 1000 IPs per VPC?

Thanks

Ramin
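The arithmetic in the question (rules per security group multiplied by security groups per network interface, capped at 1000) is easy to get wrong when an allow-list is large, and the first lever is usually the one the asker mentions in the comments: collapsing individual IPs into the smallest equivalent set of CIDR blocks. The following is an added example, not code from the original post or from AWS; it uses only Python's standard library `ipaddress` module. The quota values (200 rules per SG, 5 SGs per ENI), the function names and the sample IP list are all constructed for illustration, and the planner assumes one protocol/port range per rule, since each (CIDR, protocol, port range) combination counts as a separate rule.

```python
import ipaddress
from typing import Iterable, List, Sequence

# Hard ceiling stated in the question: rules per SG x SGs per ENI may not exceed 1000.
# Note that this is enforced per network interface, not per VPC as a whole.
MAX_RULES_PER_ENI = 1000


def collapse_allow_list(entries: Iterable[str]) -> List[ipaddress.IPv4Network]:
    """Merge individual IPs and CIDRs into the smallest equivalent set of CIDR blocks.

    Adjacent /32s become a /31, two halves become their parent block, and so on.
    The set of allowed sources is unchanged; only the number of rules shrinks.
    """
    nets = [ipaddress.ip_network(e, strict=False) for e in entries]
    return list(ipaddress.collapse_addresses(nets))


def validate_quotas(rules_per_sg: int, sgs_per_eni: int) -> int:
    """Return the per-ENI rule budget, or raise if the quota pair breaks the 1000 ceiling."""
    budget = rules_per_sg * sgs_per_eni
    if budget > MAX_RULES_PER_ENI:
        raise ValueError(
            f"{rules_per_sg} rules x {sgs_per_eni} SGs = {budget} > {MAX_RULES_PER_ENI}"
        )
    return budget


def plan_security_groups(
    cidrs: Sequence[ipaddress.IPv4Network], rules_per_sg: int, sgs_per_eni: int
) -> List[List[ipaddress.IPv4Network]]:
    """Split one allow-list (one protocol/port range) across SGs on a single ENI.

    Each CIDR is one rule. Raise if the list needs more SGs than the ENI may carry,
    which is exactly the situation the question describes.
    """
    validate_quotas(rules_per_sg, sgs_per_eni)
    groups = [list(cidrs[i:i + rules_per_sg]) for i in range(0, len(cidrs), rules_per_sg)]
    if len(groups) > sgs_per_eni:
        raise ValueError(
            f"{len(cidrs)} rules need {len(groups)} SGs of {rules_per_sg} rules, "
            f"but only {sgs_per_eni} SGs fit on one ENI"
        )
    return groups


# Constructed sample input for illustration (not from the original post).
SAMPLE_ALLOW_LIST = [
    "10.0.0.0/25", "10.0.0.128/25",         # two halves -> one /24
    "192.0.2.1", "192.0.2.2", "192.0.2.3",  # /32s; .2 and .3 merge into a /31
]

if __name__ == "__main__":
    cidrs = collapse_allow_list(SAMPLE_ALLOW_LIST)
    print("collapsed:", [str(c) for c in cidrs])          # 5 entries -> 3 rules
    print("per-ENI budget:", validate_quotas(200, 5))    # 1000
    for i, group in enumerate(plan_security_groups(cidrs, rules_per_sg=200, sgs_per_eni=5)):
        print(f"sg-{i}: {len(group)} rules")
```

Two caveats a practitioner should keep in mind: collapsing only helps when the sources are contiguous, so a list of scattered /32s gains nothing, and any second port range doubles the rule count, because the product limit is on rules, not on source addresses.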

1 Answer


You can allow traffic into an AWS VPC from more than 1000 IPs by creating a security group with a rule that allows traffic from the IP range of your choice. You can also use a Network Access Control List (ACL) to allow traffic from specific IPs or IP ranges. Additionally, you can use AWS WAF to create a whitelist of IPs that are allowed to access your VPC.

Chaitanya
  • Thanks for the answer. I have already refactored the IPs into CIDR ranges to free up a bit more space but still need more. I think ACLs are an option worth exploring too as you said. I'll have to look into AWS WAF though to see if I can configure it in front of my existing WAF (the one hitting the limit). – Ramin Dec 13 '22 at 13:54