security - Restrict HTTP Access to Elastic Beanstalk

Question

Is it possible to restrict HTTP access to an Elastic Beanstalk application to only certain IP addresses? I"ve tried adding rules to my environment's Security Group but these don't appear to be having any effect. Is this because all HTTP traffic is routed through the Elastic Load Balancer, which isn't within the security group?

Answer 1

I have restricted HTTP access to an Elastic Beanstalk application to only certain IP addresses.
Following is my procedure.

1. Create new beanstalk environment in the VPC(Amazon Virtual Private Cloud).
   Please read following documents.
   Using AWS Elastic Beanstalk with Amazon VPC
   Example: Launching an AWS Elastic Beanstalk Application in a VPC
   note: I tried to create a new beanstalk environment(Tomcat) in the VPC using AWS Tookit for Eclipse last month. But I could not create a new beanstalk environment due to the bug of AWS Toolkit for Eclipse. Finally, I could create a new beanstalk environment using a elastic-beanstalk-create-environment command. Therefore I recommend to use elastic-beanstalk-create-environment command.

2. Create a new Network ACL(VPC's function) and open the inbound tab and configure to restrict source IP addresses. Set this Network ACL to the subnet of VPC which have a beanstalk's ELB.