iis amazon-web-services load-balancing windows-server-2012

Allow Amazon ELB in IIS


Is there an option to Allow or Disallow access of Amazon Elastic Load Balancer in the "IP Address and Domain Restrictions" section in IIS? I want my website to be viewable only to myself (my IP address). However, if I Disallow all and Allow only my IP address, Amazon ELB can't access the EC2 instance. I know that I can't Allow ELB by IP because it is changing all the time. Is there any other option to allow ELB in the "IP Address and Domain Restrictions"?

Using Windows 2012 IIS8. Thanks.


Solution

  • The problem is, if you allow ELB access, anyone using ELB's outward-facing IP address can access your website. You have no way of configuring IIS to disallow traffic based on the forwarded IP address.

    You can create a private ELB if you are in a Virtual Private Cloud (VPC):

    When used in a Virtual Private Cloud (VPC), you can create and manage security groups associated with your Elastic Load Balancing to provide additional networking and security options.

    http://aws.amazon.com/elasticloadbalancing/

    That way the ELB itself would only be accessible to you (or others you allow in the VPC).

    If you want your ELB to be public facing, the X-Forwarded-For HTTP header will provide the originating IP address (e.g. your IP). You can write an IIS module that checks for allowed forwarded IPs and rejects ones not on the Allow list. There's a module written by someone at F5 that would provide a good start:

    https://devcentral.f5.com/blogs/us/x-forwarded-for-http-module-for-iis7-source-included
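
The X-Forwarded-For allow-list check the answer describes, written as an ASP.NET `IHttpModule`; this is an added example, not part of the original answer and not the F5 module's code. It assumes a single ELB in front of IIS and that ELB health checks arrive without the header; the class name, allowed address and health-check path are constructed placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Web;

// Added example: returns 403 unless the client address reported by the ELB is on the allow list.
public class ForwardedForAllowListModule : IHttpModule
{
    // Constructed sample value (documentation range); replace with your own address.
    private static readonly HashSet<IPAddress> Allowed = new HashSet<IPAddress>
    {
        IPAddress.Parse("203.0.113.10")
    };

    // Hypothetical health-check page. Assumption: the ELB's own health checks carry no
    // X-Forwarded-For header, so this one static path is exempt from the check.
    private const string HealthCheckPath = "/healthcheck.html";

    public void Init(HttpApplication app) { app.BeginRequest += OnBeginRequest; }
    public void Dispose() { }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        var app = (HttpApplication)sender;
        var request = app.Context.Request;
        if (string.Equals(request.Path, HealthCheckPath, StringComparison.OrdinalIgnoreCase))
            return;
        if (!IsAllowed(request.Headers["X-Forwarded-For"]))
        {
            app.Context.Response.StatusCode = 403;
            app.CompleteRequest();   // skip the rest of the pipeline
        }
    }

    // The ELB appends the address it saw to whatever header the client sent, so
    // only the last entry is trustworthy; earlier entries are client-controlled.
    internal static bool IsAllowed(string forwardedFor)
    {
        if (string.IsNullOrWhiteSpace(forwardedFor)) return false;
        string[] parts = forwardedFor.Split(',');
        string last = parts[parts.Length - 1].Trim();
        IPAddress client;
        return IPAddress.TryParse(last, out client) && Allowed.Contains(client);
    }
}
```

Compile it into the site's `bin` folder and register the type under `system.webServer/modules` in `web.config`. Restrict the instance's security group to the ELB as well, since a request that reaches IIS directly can carry any X-Forwarded-For value.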