425617 (8)
#1
Chapters 9 and 10 - authentication service. Can these be restricted to be accessed from a specific IP only?

Not sure if I can achieve it and how, as I can read:

If you instead use a service to call the target service on your behalf, the target service sees the IP address of the calling service rather than the IP address of the originating user. This can happen, for example, if you use AWS CloudFormation to call Amazon EC2 to construct instances for you. There is currently no way to pass the originating IP address through a calling service to the target service for evaluation in an IAM policy. For these types of service API calls, do not use the aws:SourceIp condition key.


Can I just update the Cognito (unauthenticated) role (or its trust relationships) with this?

"Condition": {
  "IpAddress": {
    "aws:SourceIp": ["203.0.113.0/24"]
  }
}
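
A local model of how the `IpAddress` / `aws:SourceIp` condition from the post evaluates for a direct call and for a call made through another service. It is an added example, not part of the original post and not AWS's own policy engine. The helper names and sample addresses are assumptions, and the substitution of the calling service's address follows the documentation paragraph quoted above.

```python
import ipaddress

# The condition block from the post, closed so that it parses.
CONDITION = {"IpAddress": {"aws:SourceIp": ["203.0.113.0/24"]}}

# Constructed sample addresses (documentation ranges, not real hosts).
USER_IP = "203.0.113.25"      # inside the allowed /24
SERVICE_IP = "198.51.100.7"   # hypothetical address of a calling service
OTHER_IP = "192.0.2.44"       # a client outside the allowed range


def ip_address_matches(condition, context):
    """Model of the IpAddress operator: each listed key must be present in
    the request context and fall inside at least one of its CIDR ranges."""
    for key, cidrs in condition.get("IpAddress", {}).items():
        value = context.get(key)
        if value is None:
            return False  # key absent: a plain IpAddress test does not match
        if isinstance(cidrs, str):
            cidrs = [cidrs]  # a policy may give one string or a list
        addr = ipaddress.ip_address(value)
        if not any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs):
            return False
    return True


def context_seen_by_target(originating_ip, calling_service_ip=None):
    """Request context the target service evaluates. If a calling service
    makes the request on the user's behalf, the target sees that service's
    address instead of the user's (assumption from the quoted paragraph)."""
    return {"aws:SourceIp": calling_service_ip or originating_ip}


def evaluate_cases():
    """Evaluate the post's condition for four constructed request contexts."""
    return {
        "direct_from_allowed_ip": ip_address_matches(
            CONDITION, context_seen_by_target(USER_IP)),
        "same_user_via_service": ip_address_matches(
            CONDITION, context_seen_by_target(USER_IP, SERVICE_IP)),
        "direct_from_other_ip": ip_address_matches(
            CONDITION, context_seen_by_target(OTHER_IP)),
        "source_ip_key_missing": ip_address_matches(CONDITION, {}),
    }


if __name__ == "__main__":
    for case, allowed in evaluate_cases().items():
        print(f"{case}: {'match' if allowed else 'no match'}")
```

Only the direct call from inside `203.0.113.0/24` matches; the same user routed through a calling service does not, which is the behaviour the quoted paragraph describes.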