Advanced Concepts in AWS Load Balancing: Security & Listener Rules

In this lesson, we explored two key advanced concepts for AWS Application Load Balancers (ALB):

  1. Enhancing Network Security
  2. Configuring Listener Rules for Routing

1. Enhancing Network Security for Load Balancers

By default, an EC2 instance is reachable both directly via its public IP and indirectly through a Load Balancer. Direct access bypasses the Load Balancer entirely, so for better security it is recommended to restrict direct access and allow traffic only from the Load Balancer.

Steps to Restrict Direct Access to EC2 Instances

  1. Navigate to the EC2 Console → Select Instances → Click on Security Groups.
  2. Find and select the security group associated with the EC2 instance (e.g., launch-wizard-1).
  3. Edit the inbound rules:
  4. Create a new rule:
  5. Save the changes.
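
An added example, not part of the original lesson: a check that an instance security group admits HTTP only from the load balancer. It assumes the new inbound rule uses the load balancer's security group as its source (the lesson's rule details are not shown), and the group ID, addresses and sample rules are constructed placeholders.

```python
# Constructed sample data in the shape of the "IpPermissions" list returned by
# `aws ec2 describe-security-groups`. All IDs and addresses are placeholders.
ALB_SG = "sg-0aaaaaaaaaaaaaaaa"  # hypothetical: the load balancer's security group

BEFORE = [  # HTTP open to the world, SSH limited to one admin address
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "UserIdGroupPairs": []},
]
AFTER = [  # HTTP admitted only from the load balancer's security group
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": ALB_SG}]},
    BEFORE[1],
]


def covers_port(rule, port):
    """True if the rule's protocol and port range include TCP `port`."""
    if rule.get("IpProtocol") == "-1":  # "-1" means all protocols, all ports
        return True
    if rule.get("IpProtocol") != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def audit(ip_permissions, alb_sg_id, port=80):
    """Return findings for sources other than the ALB group on `port`."""
    findings, alb_allowed = [], False
    for rule in ip_permissions:
        if not covers_port(rule, port):
            continue
        # A CIDR source admits by address, so clients can reach the instance
        # without going through the load balancer.
        for key, field in (("IpRanges", "CidrIp"), ("Ipv6Ranges", "CidrIpv6")):
            for rng in rule.get(key, []):
                findings.append(f"port {port} open to CIDR {rng[field]}")
        for pair in rule.get("UserIdGroupPairs", []):
            if pair.get("GroupId") == alb_sg_id:
                alb_allowed = True
            else:
                findings.append(f"port {port} open to group {pair.get('GroupId')}")
    if not alb_allowed:
        findings.append("no rule admits the load balancer's security group")
    return findings


if __name__ == "__main__":
    print("before:", audit(BEFORE, ALB_SG))
    print("after: ", audit(AFTER, ALB_SG))
```

To run it against a real group, pass in the `IpPermissions` list from that group's `describe-security-groups` output instead of the constructed samples.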

Result:


2. Configuring Listener Rules for Routing

AWS ALB supports listener rules that define how incoming requests are handled.

Steps to Create a Custom Listener Rule