Add referencing existing security groups for inbound traffic #4002
Labels
kind/feature
Categorizes issue or PR as related to a new feature.
Comments
shraddhabang
added
the
kind/feature
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem?
Enable more flexible management of security groups, I add a security group source chaining feature to inbound security groups. This is great for allowing traffic from public IP spaces, but for internal ALBs, it would be ideal to allow inbound traffic from specific security groups. For instance, allowing API Gateway traffic (via VPC Link) to an ALB without exposing the ALB to the entire subnet or VPC. It would be preferable to reference the security group of the VPC Link. Similarly, you might want to allow a specific EC2 instance (not part of the EKS cluster) to connect to an ALB while restricting access for another EC2 instance.
Describe the solution you'd like
The ALB should support security group chaining in inbound security groups. This is a key feature.
Describe alternatives you've considered
Instead of referencing security groups, you can use CIDR blocks to define inbound rules. However, this approach lacks the granularity and specificity of using security groups, as it might require opening broader IP ranges and can increase the attack surface.
Related items
#3829 (PR)
#2688
The text was updated successfully, but these errors were encountered: