How the client IP address is preserved in AWS Global Accelerator
AWS Global Accelerator preserves the source IP address of the client differently for Amazon EC2 instances and Application Load Balancers:
-
For an EC2 instance endpoint, the client’s IP address is preserved for all traffic.
-
For an Application Load Balancer endpoint with client IP address preservation, Global Accelerator works together with the Application Load Balancer to provide an
X-Forwardedheader,X-Forwarded-For, that includes the IP address of the original client so that your web tier can access it.
HTTP requests and HTTP responses use header fields to send information about the HTTP
messages. Header fields are colon-separated name-value pairs that are separated
by a
carriage return (CR) and a line feed (LF). A standard set of HTTP header fields
is
defined in RFC 2616,
Message HeadersX-Forwarded prefix.
Because an Application Load Balancer terminates incoming TCP connections and creates new connections to your backend targets, it does not preserve client IP addresses all the way to your target code (such as instances, containers, or Lambda code). The source IP address that your targets see in the TCP packet is the IP address of the Application Load Balancer. However, an Application Load Balancer does preserve the original client IP address by removing it from the original packet’s reply address and inserting it into an HTTP header before it sends the request to your backend over a new TCP connection.
The X-Forwarded-For request header is formatted like this:
X-Forwarded-For:client-ip-address
The following example shows an X-Forwarded-For request header for a client
with an IP address of 203.0.113.7.
X-Forwarded-For: 203.0.113.7
