Published May 25, 2018 by

Block Traffic From a Single IP in AWS

Some days ago, my one client complained me, our server being hammered by traffic from some particular IP.

It was causing a 20x increase in traffic to some URLs. So obviously I wanted to block all traffic from that single IP.

So here is a quick tutorial for doing this.

Open VPC dashboard
Open the “Network ACLs” view


Open the ACL editor

1. Select the subnet to which your EC2 instances or load balancers are connected.
2. Click "Inbound Rules"
3. Click "Edit"

Add a rule to block the traffic/IP

You will now see the ACL editor. On the last row, you can add a new rule.


Here is how you should fill out the fields:

#Rule
Use any number less than 100, which is the number of the default accept-all rule. This is important because rules are evaluated in order, and your rule needs to come before the default.

#Type
Select “All traffic” or Particular Protocol which you want to Block

#Source
The CIDR you want to block. To match a single IP address, enter it here and append /32. For example, I blocked 22.87.45.187/32

#Allow/Deny
Select “DENY”

Now click Save and you should see the updated rules table.