I am trying to run an NLB > ALB with Lambda configuration according to this documentation: https://aws.amazon.com/blogs/networking-and-content-delivery/using-aws-lambda-to-enable-static-ip-addresses-for-application-load-balancers/
I guess my complication is similar to this one: AWS NLB to ALB IP Whitelisting
This setup without whitelisting works so far, but I need to whitelist IPs somewhere in this configuration.
The NLB is somewhat bound (by the Lambda function) to a target group of the IP type, which drops the client source IP for any whitelisting approach on the ALB.
Curling with an X-Forwarded-For header, curl --header "X-Forwarded-For: IP.xx.xx", is dropped.
As of September 27th, 2021, AWS added support for a leaner configuration utilizing an NLB with a target group that can target the ALB directly (see the update at the top of https://aws.amazon.com/blogs/networking-and-content-delivery/using-aws-lambda-to-enable-static-ip-addresses-for-application-load-balancers/ or the actual implementation of this new feature: How to register alb as target for a targetgroup via terraform)
- Apparently (their new feature) ALB target groups do not work in AWS China; they work flawlessly in other regions.
- The Nginx-ingress or AWS-load-balancer ingress controllers are not suited for this?
- Global Accelerator (which could support some whitelisting techniques) does not work in AWS China.
- A separate Nginx instance (in the same VPC) does not seem to work properly; it shows up as an unhealthy instance target for a layer 4 network load balancer.
Does anyone have an idea how to pull whitelisting off with the given setup?
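The allowlist decision the question is after, written out as an added example (not code from the post or from the AWS blog it links). It shows the two conditions under which a whitelist check can succeed at any hop in the chain: the hop either sees the client's address as its TCP peer, or it receives an X-Forwarded-For entry appended by a proxy you control. A header supplied by the client itself (the curl case above) is ignored, and when an intermediate hop has replaced the source address without adding any header, the check fails closed because there is nothing to compare. The CIDRs, the "trusted proxy" range and the sample connections are constructed values for the example, not addresses from the post.

```python
import ipaddress
from typing import Iterable, List, Optional, Union

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
IPNetwork = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed sample ranges (assumptions for this example, not values from the post).
# Clients that may reach the application:
ALLOWLIST: List[IPNetwork] = [
    ipaddress.ip_network(c) for c in ("203.0.113.0/24", "198.51.100.7/32")
]
# Hops we operate and therefore trust to append X-Forwarded-For truthfully,
# e.g. the private addresses of the NLB/ALB inside the VPC:
TRUSTED_PROXIES: List[IPNetwork] = [ipaddress.ip_network("10.0.0.0/16")]


def _in_any(addr: IPAddress, nets: Iterable[IPNetwork]) -> bool:
    return any(addr in net for net in nets)


def _parse_chain(peer_ip: str, xff: Optional[str]) -> List[IPAddress]:
    """Hop chain left-to-right: X-Forwarded-For entries, then the TCP peer."""
    entries = [h.strip() for h in (xff or "").split(",") if h.strip()]
    entries.append(peer_ip.strip())
    return [ipaddress.ip_address(e) for e in entries]  # raises ValueError on garbage


def client_ip(peer_ip: str, xff: Optional[str],
              trusted: Iterable[IPNetwork] = TRUSTED_PROXIES) -> Optional[IPAddress]:
    """Identify the real client by walking the chain from the right.

    The TCP peer is the last hop. While the hop under inspection is one of our
    own proxies, the entry to its left is what that proxy saw, so keep walking.
    The first address that is NOT a trusted proxy is the client. Anything further
    left was written by an untrusted party and is ignored, which is why a client
    sending its own X-Forwarded-For header cannot talk its way onto the allowlist.

    Returns None when every hop is a trusted proxy (or the input is unparseable):
    the client address has been lost, e.g. an intermediate hop that does not
    preserve the source IP and adds no header, so there is nothing to check.
    """
    try:
        chain = _parse_chain(peer_ip, xff)
    except ValueError:
        return None
    for addr in reversed(chain):
        if not _in_any(addr, trusted):
            return addr
    return None


def is_allowed(peer_ip: str, xff: Optional[str] = None,
               allowlist: Iterable[IPNetwork] = ALLOWLIST,
               trusted: Iterable[IPNetwork] = TRUSTED_PROXIES) -> bool:
    """Allowlist decision; fails closed when the client address cannot be established."""
    addr = client_ip(peer_ip, xff, trusted)
    return addr is not None and _in_any(addr, allowlist)


if __name__ == "__main__":
    # Direct connection from an allowlisted client.
    print(is_allowed("203.0.113.5"))                           # True
    # Same client via our proxy hop, which appended it to X-Forwarded-For.
    print(is_allowed("10.0.1.20", "203.0.113.5"))              # True
    # Real client 192.0.2.9 injected an allowlisted address; our proxy appended the truth.
    print(is_allowed("10.0.1.20", "203.0.113.5, 192.0.2.9"))   # False
    # The curl case: the peer is not a proxy we trust, so its header is ignored.
    print(is_allowed("192.0.2.9", "203.0.113.5"))              # False
    # Proxy hop that replaced the source address and added no header: cannot decide, deny.
    print(is_allowed("10.0.1.20"))                             # False
```

The practical consequence for the setup in the question is that the check has to run at a hop where one of the two conditions holds; if the hop in front of the ALB neither preserves the client address nor appends it to X-Forwarded-For, an ALB-side allowlist has no trustworthy input and should deny, as the last case above does.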