Limiting Incoming Endpoint Traffic for CDE Services For AWS
You can limit incoming endpoint traffic for a CDE service.
Note the CDE service ID, which you can obtain from the URL in the CDE Management
Console when the service is highlighted:
- Go to the AWS console for the account where the CDE service is enabled.
EC2 -> Load Balancersin the AWS console and enter the following filter:
tag:cde-cluster-id : <id_from_step_1> , e.g. tag:cde-cluster-id : cluster-cn92cs9g
- Select the Load Balancer instance and then under the Description tab in the Detail window, click on the link to the Source Security Group.
- In the subsequent view, select the correct security group ID.
- In the subsequent window, click Edit inbound rules.
Modify the "0.0.0.0/0" CIDR ranges for the HTTPS rule to your desired CIDR ranges.
Add additional ranges and rules as required but note that HTTPS traffic must be enabled for each range. The HTTP (port 80) and ICMP rules can be removed.