Enhance ELB with Ingress and IP-Whitelist Filters #9321
Hey Guys :)
We had a requirement to perform some more advanced Filters on Security Groups and/or WebACLs attached to ELBs.
Currently, the functionality in C7n for this is quite limited.
Example:
Example:
Within my Pull Request I have added the Ingress-Filter from the Security Group to the ELB Resources, so that it can be used directly here with all its Features.
Plus, I have added a new WAFv2-Filter that performs a deep rule introspection to check for any IPSetStatements and proper IP-Whitelist functionality on ALBs (based on customer needs).
Example:
Please let me know if you think it would be a nice contribution to the ELB Resources and whether you want to improve/adjust certain parts.
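
As an added illustration (not code from this pull request or from Cloud Custodian), this is one way to do the kind of deep rule introspection described above, over a WebACL dict shaped like the WAFv2 `GetWebACL` response. The function names, sample ACLs and ARN are constructed, and the check assumes a single allow-list pattern: default action Block plus Allow rules that can only match when an IP set matches.

```python
# Added illustration, not code from the pull request. Dict keys follow the
# WebACL structure returned by the WAFv2 GetWebACL API; function names and
# sample data are hypothetical.

def requires_ip_match(stmt):
    """True if a request can match stmt only when its IP is in some IP set."""
    if "IPSetReferenceStatement" in stmt:
        return True
    if "AndStatement" in stmt:  # one IP-bound branch binds the whole AND
        return any(requires_ip_match(s) for s in stmt["AndStatement"]["Statements"])
    if "OrStatement" in stmt:   # every branch must be IP-bound
        return all(requires_ip_match(s) for s in stmt["OrStatement"]["Statements"])
    return False                # NotStatement and other types: treated as not IP-bound


def allowlist_findings(web_acl):
    """Return the reasons why web_acl does not enforce an IP allow-list."""
    findings = []
    if "Block" not in web_acl.get("DefaultAction", {}):
        findings.append("default action is not Block")
    # Rules that reference rule groups carry OverrideAction, not Action; skipped here.
    allow_rules = [r for r in web_acl.get("Rules", []) if "Allow" in r.get("Action", {})]
    if not allow_rules:
        findings.append("no Allow rule present")
    for rule in allow_rules:
        if not requires_ip_match(rule["Statement"]):
            findings.append("rule %s allows traffic without an IP set match" % rule["Name"])
    return findings


# Constructed sample data (placeholder account id and IP set name).
IP_SET = {"IPSetReferenceStatement": {
    "ARN": "arn:aws:wafv2:us-east-1:111122223333:regional/ipset/office/EXAMPLE"}}
GEO = {"GeoMatchStatement": {"CountryCodes": ["DE"]}}

STRICT_ACL = {
    "DefaultAction": {"Block": {}},
    "Rules": [{"Name": "office-only", "Action": {"Allow": {}},
               "Statement": {"AndStatement": {"Statements": [IP_SET, GEO]}}}],
}
LOOSE_ACL = {
    "DefaultAction": {"Allow": {}},
    "Rules": [{"Name": "office-or-de", "Action": {"Allow": {}},
               "Statement": {"OrStatement": {"Statements": [IP_SET, GEO]}}}],
}

if __name__ == "__main__":
    for name, acl in (("strict", STRICT_ACL), ("loose", LOOSE_ACL)):
        print(name, allowlist_findings(acl))
```

An IP set that appears only inside an `OrStatement` next to a non-IP condition is reported, because the other branch lets traffic through without an IP match.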