# How to resolve Sprinto check to restric public access on AWS application load balancer

### About:&#x20;

Sprinto Check: AWS application load balancer should be protected from direct internet traffic

This Sprinto check verifies that your AWS Application Load Balancer (ALB) is properly configured to prevent direct access from the internet, ensuring that only authorized traffic can reach your applications and services.

### Purpose:&#x20;

The purpose of this check is to enhance the security posture of your AWS environment by limiting the attack surface and potential entry points for unauthorized access. By restricting direct internet access to your Application Load Balancer, you can mitigate the risk of distributed denial-of-service (DDoS) attacks, unauthorized traffic, and potential exploitation of vulnerabilities.

### How to fix

Follow the below steps to fix this check

#### Before you begin

* Ensure you have admin access on the AWS account to modify the load balancers configurations.

#### Restrict public access to Application Load Balancer (ALB)

1. Log in to the [AWS Console](https://aws.amazon.com/console/) using your credentials or the Single Sign-On (SSO) option.
2. Navigate to the AWS EC2 service.
3. Click on Load balancer from the navigation bar on the left side.<br>

   <figure><img src="https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/72099393617/original/3FvjNzrrbBQqHOv3zdXrmc6YVTg5isdJEQ.png?1716569568" alt=""><figcaption></figcaption></figure>
4. Select the ALB from the list for which you wish to review the public access.
5. Click on the Security tab to review the ALB's assigned security group. Ensure the security group allows inbound traffic from trusted sources, such as your corporate network or VPN, and denies direct access from the Internet.
6. Repeat the above steps to for all ALB created on AWS EC2 service.

Sprinto detects the configuration change and sets the check status to “Passing.”

Contact [Sprinto support](mailto:www.support@sprinto.com) if you have any queries related to the check or need assistance.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sprinto.com/monitors/cloud-and-infrastructure-monitoring/aws/how-to-resolve-sprinto-check-to-restric-public-access-on-aws-application-load-balancer.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.