Amplify-console: [Feature request] IP whitelisting: How to block specific IPs from accessing the backend?

Created on 1 Jul 2019 · 7 Comments · Source: aws-amplify/amplify-console

Note: If your question is regarding the AWS Amplify Console service, please log it in the
official AWS Amplify Console forum

* Which Category is your question related to? *
Security

* What AWS Services are you utilizing? *
Appsync, Amplify, Cloudfront, Lambda

* Provide additional details e.g. code snippets *
I created an Amplify GraphQL project through the AWS Amplify pipeline with a custom domain. I need to block some IP ranges for security reasons. Is it currently possible to add allowed IP ranges through parameters/templates?

feature request

All 7 comments

@incr3m Let me take this back to the team, because it involves other services too, it is out of scope for the CLI for sure, but perhaps we can come up with an answer to your question.

Would love something like that.

Is this feature available now?
I deployed the following website:
Frontend: React + Amplify
Backend: API Gateway + Lambda
I want to restrict access to only my company network.
I made a resource policy to restrict IP access to the API Gateway for the backend.
I am using password authentication for now in the frontend, but how do I add IP restriction in Amplify?

@Vineeth-Avvaru nope, not available yet.

If you are hosting the frontend in S3, could you not apply a bucket policy to restrict access to certain IP addresses?
Something like:

    {
      "Version": "2012-10-17",
      "Id": "IPRestrict",
      "Statement": [{
        "Sid": "IPRestrict",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": [
          "arn:aws:s3:::awsexamplebucket",
          "arn:aws:s3:::awsexamplebucket/*"
        ],
        "Condition": {
          "NotIpAddress": {
            "aws:SourceIp": [ "10.10.10.10/32", "22.22.22.22/32" ]
          }
        }
      }]
    }
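
An added example, not part of the thread or of any Amplify code: a Python check that loads the bucket policy posted above (opening brace restored), evaluates its Deny/NotIpAddress statement for a client address, and flags two points to review before applying it. The function names and the 203.0.113.7 sample address are constructed for illustration; only this one statement shape is modelled.

```python
import ipaddress
import json

# Bucket policy from the comment above, with the missing opening brace restored.
POLICY = json.loads("""{
  "Version": "2012-10-17", "Id": "IPRestrict",
  "Statement": [{
    "Sid": "IPRestrict", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
    "Resource": ["arn:aws:s3:::awsexamplebucket", "arn:aws:s3:::awsexamplebucket/*"],
    "Condition": {"NotIpAddress": {"aws:SourceIp": ["10.10.10.10/32", "22.22.22.22/32"]}}
  }]
}""")


def deny_statements(policy):
    """Yield (statement, networks) for each Deny using NotIpAddress on aws:SourceIp."""
    for stmt in policy["Statement"]:
        cidrs = stmt.get("Condition", {}).get("NotIpAddress", {}).get("aws:SourceIp", [])
        if stmt.get("Effect") == "Deny" and cidrs:
            cidrs = [cidrs] if isinstance(cidrs, str) else cidrs
            # ip_network() raises ValueError on a malformed CIDR or set host bits.
            yield stmt, [ipaddress.ip_network(c) for c in cidrs]


def is_denied(policy, source_ip):
    """True when some Deny applies: source_ip is outside all of that statement's CIDRs."""
    ip = ipaddress.ip_address(source_ip)
    return any(not any(ip in net for net in nets) for _, nets in deny_statements(policy))


def lint(policy):
    """Return warnings about allow-list entries and statement scope."""
    findings = []
    for stmt, nets in deny_statements(policy):
        for net in nets:
            if net.is_private:
                # S3 documents aws:SourceIp as usable for public address ranges only.
                findings.append(f"{net}: private range; aws:SourceIp is for public ranges")
        if stmt.get("Principal") == "*" and stmt.get("Action") in ("s3:*", ["s3:*"]):
            findings.append("Deny on s3:* for Principal * also covers administrators "
                            "calling from unlisted addresses")
    return findings


if __name__ == "__main__":
    for ip in ("22.22.22.22", "203.0.113.7"):  # constructed sample client addresses
        print(ip, "denied" if is_denied(POLICY, ip) else "not denied by this statement")
    print("\n".join(lint(POLICY)))
```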

@pauljflo

If you use amplify add hosting and choose s3andCloudFront, which is the PROD build, you have the ability to modify these settings through CloudFront directly. However, if you mean choosing S3Hosting, which is DEV, perhaps you may add the settings you mentioned through there, but you are limited to HTTP and not HTTPS. You could create a CloudFront distribution directly and add the S3 bucket as its source origin.
