How do I limit HTTP port 80 access of my EB environment only to some other security group in my cloud?
You can’t do this for an internet-facing ALB. If you set up an env1.company.internal private hosted zone record for a public ALB, it will just resolve to the public IP addresses of the ALB. Therefore, you can’t use SGs in ALB SG ingress rules to limit traffic. That’s why it works with HTTP ANY IP, but not with referenced SGs.
If you want to overcome this issue, you can attach an Elastic IP to your other instance, and limit port 80 on the ALB to only allow connections from the Elastic IP address. For more instances, you can use a NAT gateway's public IP address.
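The following check is an added example, not part of the original answer: it audits the port 80 ingress rules of an internet-facing ALB's security group and flags open rules, SG-reference rules (which the answer explains will not match), and CIDRs other than the expected Elastic IP or NAT gateway address. The input follows the shape of `aws ec2 describe-security-groups` output; the group IDs, addresses and the function names `covers_port` and `audit_port80` are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group IDs are placeholders; 203.0.113.0/24 is a documentation address range.
SAMPLE_ALB_SG = {
    "GroupId": "sg-0aaaaaaaaaaaaaaaa",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0bbbbbbbbbbbbbbbb"}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ],
}

def covers_port(perm, port):
    """True if the ingress rule applies to the given TCP port."""
    if perm["IpProtocol"] == "-1":          # all protocols, all ports
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit_port80(sg, allowed_public_ips):
    """Classify every port-80 ingress source on an internet-facing ALB's SG."""
    allowed = {ipaddress.ip_address(ip) for ip in allowed_public_ips}
    findings = []
    for perm in sg["IpPermissions"]:
        if not covers_port(perm, 80):
            continue
        for pair in perm.get("UserIdGroupPairs", []):
            # Traffic to a public ALB arrives from public IPs, so this rule never matches it.
            findings.append((pair["GroupId"], "ineffective-sg-reference"))
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if net.num_addresses == 1 and net.network_address in allowed:
                findings.append((rng["CidrIp"], "ok"))          # expected EIP / NAT IP
            elif net.prefixlen == 0:
                findings.append((rng["CidrIp"], "open-to-internet"))
            else:
                findings.append((rng["CidrIp"], "unexpected-cidr"))
    return findings

if __name__ == "__main__":
    for source, verdict in audit_port80(SAMPLE_ALB_SG, ["203.0.113.10"]):
        print(f"{source:22} {verdict}")
```

Only IPv4 `IpRanges` are inspected; a security group that also carries `Ipv6Ranges` or prefix-list entries would need those handled the same way.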