I want clients to connect to AWS IoT Core to publish MQTT messages using a public DNS name.
The setup is: Route53 -> Public NLB -> Target Group Port 8883 -> VPC Endpoint (iot.data) -> IoT Core
To restrict the client IPs, I need to adjust the security group of the VPC endpoint, which I did. I also enabled the "preserve_client_ip.enabled" attribute on the target group. But when checking the AWS IoT logs, the "Publish-In" event still has "172.31.44.183" as the source IP.
My impression was that the original client's IP would be preserved, not the one from the NLB.