I am new to AWS that's why, I am asking this question. Is it possible in AWS network firewall to only allow the incoming traffic from outside that comes from a particular DNS. According to my knowledge, it's easily possible with IP address but the problem is that the IP address of the source does not remain same and is dynamic. I have also read in various posts that in security groups we also can not mention DNS and we can only mention IP addresses. I have also read that in AWS network firewall, it's also possible to block traffic for a particular domain that's generated from EC2 instance using firewall but is it possible the other way around? Is it possible to only allow the traffic of the particular DNS that's coming from the Internet gateway to the VPC using AWS network firewall. Can anyone guide me in this regard?
Allow traffic on the basis of the host DNS instead of the IP that is coming from the internet gateway to the VPC in AWS Network Firewall
386 Views Asked by Usman Sajid At
1
There are 1 best solutions below
Related Questions in AMAZON-WEB-SERVICES
- "Access Denied" - User's Permissions to S3 Bucket
- Cohort analysis with Amazon Redshift / PostgreSQL
- Using Amazon KMS service on Heroku
- can't ssh in after cloning an EC2 instance on Amazon AWS
- Using HDFS with Apache Spark on Amazon EC2
- How can I access Mule ESB Community edition via browser?
- AWS EC2: Migrating from Windows to Linux Server
- AWS ELB Load Balancer: is it possible to set multiple session cookies?
- AWS Flow Framework: Can we run activity worker and activity task on different EC2 instances
- Unable to access files from public s3 bucket with boto
- Cloudfront stream only part of the video
- s3cmd not working as cron-task when echos/dates are added
- How to deploy django 1.8 on Elastic Beanstalk using Docker
- InstanceProfile is required for creating cluster - create python function to install module
- How to fix WordPress HTTPS issues when behind an Amazon Load Balancer?
Related Questions in AWS-NETWORKING
- Aws private hosted zone dns not getting resolved from different vpcs in same account
- Need desperate help deploying a streamlit app using ECR + ECS on AWS. Unsure if networking issue or something else
- It's possible to use AWS service discovery within a private VPC?
- Communication between tasks in ECS with App Mesh and Cloudmap
- Can't connect to AWS SMTP from Cloud9 box
- Performing DNAT for AWS EC2 instance
- Connecting to mongodb behind AWS NLB sporadic timeouts
- EC2 instance can't access amazon-linux repos (eg amazon-linux-extras install docker) through s3 gateway endpoint
- How do I open my backend NodeJS app for HTTPS?
- AWS Task Definition warning when enabled "Auto-configure CloudWatch Logs"
- Move AWS account to another AWS Organization
- How to build an IAM authenticated VPC gateway on AWS?
- Exposing a ECS Service to the net
- Kubernetes service not routing UDP traffic with AWS network loadbalancer
- Unable to Access EC2 Instance in AWS Environment via Intermediate Account with VPC Peering
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
This doesn't sound like something you can solve with any security measures available natively from AWS or any reverse-proxy solutions I know.
You are most likely going down a rabbit hole of solving a problem at the wrong abstraction layer.
Can you talk about the higher-order problem you are trying to solve? e.g., what types of clients are you expecting to hit the applications? Where will you collect their DNS names in the first place? Why not use authentication at the application layer (passwords, multi-factor, certificates) to authenticate the sources?