> There can be legitimate traffic coming from AWS, if not the site itself.
The traffic from the site itself, if it's hosted there, would come from the intranet IP address, right? Not the public facing one.
> It's especially true when the site provides an API and is meant to be integrated by people/companies. In which case, the AWS traffic is likely to include major and/or important and/or paying customers. You really don't want to block that.
Agreed, but it's fairly easy to block the AWS IP traffic on web endpoints and not on the API endpoints.
The traffic from the site itself, if it's hosted there, would come from the intranet IP address, right? Not the public facing one.
> It's especially true when the site provides an API and is meant to be integrated by people/companies. In which case, the AWS traffic is likely to include major and/or important and/or paying customers. You really don't want to block that.
Agreed, but it's fairly easy to block the AWS IP traffic on web endpoints and not on the API endpoints.