You’re trying to track down the source of suspicious traffic. You’re reading through CloudWatch logs, and you find the IP address of the requests. You realize the IP address belongs to your Elastic Load Balancer. What can you do to find out the IP address of the actual user?
When Elastic Load Balancer sends requests from its own IP address, it will include X-forwarded-for header, which has the IP address of the actual user.