Make it possible to protect ALB resources with AWS Shield Advanced

kubernetes-sigs / aws-load-balancer-controller

A Kubernetes controller for Elastic Load Balancers

https://kubernetes-sigs.github.io/aws-load-balancer-controller/

Apache License 2.0

3.93k stars 1.46k forks source link

Make it possible to protect ALB resources with AWS Shield Advanced #1125

Closed hhamalai closed 4 years ago

hhamalai commented 4 years ago

It is currently not possible to use AWS Shield Advanced protection automatically with aws-alb-ingress-controller created ALB load balancers.

One can use AWS Firewall Manager to enable Shield Advanced protection on all resources automatically, but this conflicts with custom WAF ACLs.

I would like to know if it would be feasible to add an ingress annotation which would be processed by the reconcile loop to enable/disable Shield Advanced protection.

hhamalai commented 4 years ago

I'm trying to implement this one, created a pull request to keep you updated, but haven't done yet any actual testing besides the unit tests. https://github.com/kubernetes-sigs/aws-alb-ingress-controller/pull/1126

hhamalai commented 4 years ago

closed by #1126