Custom::ProxylityUdpGatewayListener ClientRestriction

Specified the clients (IP addresses) allowed to make use of the listener. Packets from clients not specified here will be ignored.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Networks" : [ String, ... ],
  "Domains" : [ String, ... ]
}
    

YAML

Networks: 
        - String
Domains: 
        - String
    

Properties

Networks

Array of IPv4 or IPv6 CIDRs that identify allowed clients. IP addresses matching any CIDR in the array will be allowed.

Required: No

Type: List of String

Update requires: No interruption

Domains

Array of domain names that identify allowed clients using Client Policy Framework DNS records. Domains can be used when maintaining the list of allowed CIDRs is more easily done externally to Proxylity.

Required: No

Type: List of String

Update requires: No interruption

Examples

Allow All Traffic (IPv4 and IPv6)

To allow traffic from any IP address, use the universal CIDR blocks:

JSON

{
  "Networks": [
    "0.0.0.0/0",
    "::/0"
  ]
}
    

YAML

Networks:
  - "0.0.0.0/0"
  - "::/0"
    

Single IP Address

To restrict access to a single specific IP address:

JSON

{
  "Networks": [
    "203.0.113.45/32"
  ]
}
    

YAML

Networks:
  - "203.0.113.45/32"
    

Public /24 Network

To allow traffic from an entire /24 network (256 addresses):

JSON

{
  "Networks": [
    "198.51.100.0/24"
  ]
}
    

YAML

Networks:
  - "198.51.100.0/24"
    

Multiple Networks

You can combine multiple CIDR blocks to allow traffic from different sources:

JSON

{
  "Networks": [
    "203.0.113.0/24",
    "198.51.100.0/24",
    "2001:db8::/32"
  ]
}
    

YAML

Networks:
  - "203.0.113.0/24"
  - "198.51.100.0/24"
  - "2001:db8::/32"
    

Using Domain-Based Restrictions

For dynamic IP ranges managed externally via DNS:

JSON

{
  "Domains": [
    "allowed-clients.example.com"
  ]
}
    

YAML

Domains:
  - "allowed-clients.example.com"