Proposal: Allow restricting ingress to the load balancer #4057

@paragbhingre

Proposal for #2557

In order to restrict access to the load balancer we will provide an option to configure PublicHTTPLoadBalancerSecurityGroup.

Allow restricting access to the load balancer via limited IP addresses only. This will introduce a new manifest field source_ips that can hold up to 50 IP addresses.

http:
  public:
    ingress:
      source_ips: [ip1, ip2, ...]

In the future, we could extend the manifest so that people can attach their own security groups to the public load balancer. Below is an example of a potential proposal for this functionality:

http:
  public:
    security_groups:
      deny_default: true # remove copilot created security group
      groups: [sg123, sg789] # import your own security group

When deny_default is set to true and security groups are mentioned, then Copilot created security groups will be removed and customer-provided security groups will be attached to the load balancer.

We appreciate any feedback!
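
An added example, not part of the original proposal or Copilot's own code: one way a manifest validator could check the proposed `source_ips` field in Go. `ValidateSourceIPs` is a hypothetical name; accepting bare IPs or CIDR blocks and rejecting `/0` prefixes are assumptions beyond the 50-entry limit stated above.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// maxSourceIPs is the limit stated in the proposal.
const maxSourceIPs = 50

// ValidateSourceIPs (hypothetical helper) normalizes each entry to CIDR form,
// drops duplicates, and rejects lists that are too long, unparseable, or that
// contain a /0 prefix, which would leave the load balancer open to everyone.
// Assumption: an entry is a bare IP address or a CIDR block.
func ValidateSourceIPs(entries []string) ([]string, error) {
	if len(entries) > maxSourceIPs {
		return nil, fmt.Errorf("source_ips: %d entries, limit is %d", len(entries), maxSourceIPs)
	}
	seen := make(map[netip.Prefix]bool)
	out := make([]string, 0, len(entries))
	for _, raw := range entries {
		s := strings.TrimSpace(raw)
		if !strings.Contains(s, "/") {
			addr, err := netip.ParseAddr(s)
			if err != nil {
				return nil, fmt.Errorf("source_ips: %q: %w", raw, err)
			}
			s = netip.PrefixFrom(addr, addr.BitLen()).String() // bare IP becomes /32 or /128
		}
		p, err := netip.ParsePrefix(s)
		if err != nil {
			return nil, fmt.Errorf("source_ips: %q: %w", raw, err)
		}
		p = p.Masked() // clear host bits so 198.51.100.9/24 equals 198.51.100.0/24
		if p.Bits() == 0 {
			return nil, fmt.Errorf("source_ips: %q allows every address", raw)
		}
		if !seen[p] {
			seen[p] = true
			out = append(out, p.String())
		}
	}
	return out, nil
}

func main() {
	// Constructed sample input (documentation address ranges).
	got, err := ValidateSourceIPs([]string{"203.0.113.7", "198.51.100.9/24", "203.0.113.7/32"})
	fmt.Println(got, err)
}
```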
