Suppose someone has hacked your AWS infrastructure and is trying to use the different services inside it.
After investigating, you find that a specific IP address is trying to access your AWS infrastructure. The immediate step is to block the IP address you have identified.
In this article, we are going to show you how you can block a particular IP or list of IPs from accessing your infrastructure.
Steps to Block an IP in AWS VPC (Global Level):
Step 1: Go to the VPC services section and find your VPC.
Step 2: Click on the VPC to open its Details page and find the Main network ACL [MNACL] of the VPC.
Step 3: Click on the MNACL ID hyperlink and go to the MNACL Inbound rules tab.
Step 4: Click on the Edit Inbound Rules button.
Step 5: On the Edit Inbound Rules page, click on the Add new rule button.
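Step 6: Give a Rule number lower than that of the All traffic – Allow rule, which defaults to 100. Network ACL rules are evaluated in order starting from the lowest number, so the deny rule must come before the allow rule. You can start at 1 or any number lower than 100 and work your way upwards for every IP you block. Here we have added 99 instead of 1.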
Step 7: Choose the Type from the drop-down. Select All Traffic to block all traffic from the IP.
Step 8: Enter the Port Range you would like to block. Choose All for all ports (this is not needed if you have chosen All traffic).
Step 9: Enter the Source IP CIDR range; for a single IP, add /32 at the end. We have added the IP address [18.104.22.168/32] to block.
Step 10: Select Deny to deny the requests coming from the IP matching the port range.
Step 11: Click on Sort by rule number to validate that the default rule 100 stays at the bottom.
Step 12: Save the changes by clicking on Save Changes.
This is how you can block an IP address at the Global level, across your overall infrastructure.
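The same procedure for a list of IPs, as an added example that is not part of the original article: it plans inbound deny entries numbered downward from 99 so each one is evaluated before the All traffic allow rule at 100, then creates them on the main network ACL with boto3's describe_network_acls and create_network_acl_entry. The function names plan_deny_entries and apply_plan and the sample entries are assumptions made for this example.

```python
import ipaddress

# Constructed sample of the "Entries" list returned by describe_network_acls.
SAMPLE_ENTRIES = [
    {"RuleNumber": 99, "RuleAction": "deny", "Egress": False, "CidrBlock": "18.104.22.168/32"},
    {"RuleNumber": 100, "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "RuleAction": "deny", "Egress": False, "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 100, "RuleAction": "allow", "Egress": True, "CidrBlock": "0.0.0.0/0"},
]

def plan_deny_entries(entries, sources, allow_rule=100):
    """Build inbound deny entries numbered downward from allow_rule - 1.

    sources are IPv4 addresses or CIDRs; a bare address becomes /32. Rule numbers
    already in use and sources already denied ahead of the allow rule are skipped.
    """
    inbound = [e for e in entries if not e["Egress"]]
    used = {e["RuleNumber"] for e in inbound}
    denied = {e.get("CidrBlock") for e in inbound
              if e["RuleAction"] == "deny" and e["RuleNumber"] < allow_rule}
    free = (n for n in range(allow_rule - 1, 0, -1) if n not in used)
    plan = []
    for src in sources:
        # Strict parsing rejects typos such as 10.0.0.5/24 (host bits set).
        net = ipaddress.ip_network(src)
        if net.version != 4 or net.prefixlen == 0:
            raise ValueError(f"expected an IPv4 address or non-default CIDR: {src}")
        cidr = str(net)
        if cidr in denied:
            continue
        number = next(free, None)
        if number is None:
            raise RuntimeError("no free rule number below the allow rule")
        denied.add(cidr)
        plan.append({"RuleNumber": number, "Protocol": "-1", "RuleAction": "deny",
                     "Egress": False, "CidrBlock": cidr})
    return plan

def apply_plan(vpc_id, sources):
    """Create the planned entries on the VPC's main network ACL (needs boto3 and credentials)."""
    import boto3  # imported lazily so plan_deny_entries runs without AWS access
    ec2 = boto3.client("ec2")
    acl = ec2.describe_network_acls(Filters=[
        {"Name": "vpc-id", "Values": [vpc_id]},
        {"Name": "default", "Values": ["true"]}])["NetworkAcls"][0]
    plan = plan_deny_entries(acl["Entries"], sources)
    for entry in plan:
        ec2.create_network_acl_entry(NetworkAclId=acl["NetworkAclId"], **entry)
    return plan
```

The main network ACL only filters subnets that are not explicitly associated with a custom network ACL, so check the subnet associations before treating the block as VPC-wide.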