Benefits of client IP address preservation
For endpoints that don’t have client IP address preservation enabled, the IP addresses used by the Global Accelerator service at the edge network replace the requesting user's IP address as the source address in the arriving packets. The original client's connection information—such as the IP address of the client and the client's port—is not preserved as traffic travels to systems behind an accelerator. This works fine for many applications, especially those that are available to all users such as public websites.
However, for other applications you might want to access the original client IP address by
using endpoints with client IP address preservation. For example, when you have the
client IP address, you can gather statistics based on client IP
addresses. You can also use IP-address-based filters, such as security groups on
Application Load Balancers, to filter traffic. You can apply logic that
is specific to a user's IP address in your applications that run on the web tier
servers behind that Application Load Balancer endpoint by using the load balancer's
X-Forwarded-For
header, which contains the original client IP
address information. You can also use client IP address preservation in security
group rules in the security groups associated with your Application Load Balancer or Network Load Balancer. For more information, see How the
client IP address is preserved in AWS Global Accelerator. For EC2 instance
endpoints, the original client IP address is preserved.
For endpoints that don't have client IP address preservation, you can filter for the source IP address that Global Accelerator uses when it forwards traffic from the edge. You can see information about the source IP addresses (which are also client IP addresses, when client IP address preservation is enabled) of incoming packets by reviewing your Global Accelerator flow logs. For more information, see Location and IP address ranges of Global Accelerator Edge servers and Configuring and using flow logs in AWS Global Accelerator.