Securing server open ports to specific hosts?
I have a question that I'm not sure if there's an answer to. I'm running an entire Unifi setup for my house. I am big into home automation and leverage Amazon's Echo when I can. A new feature to the Echo came out where I can ask it to access my media library and automatically play movies, music, etc via voice commands. In order to do this however, Amazon's Alexa web services have to be able to access my media server on a specific port. Therefore, at this time, my media server [Plex] has remote access turned on an I've created a Port-Forward on the USG to allow traffic to my server.
I wanted to see if I could take this one step further and somehow scope the access to only Amazon. Granted, this would mean I would need the address range amazon is using or perhaps I can scope via Domain, however, it this something the USG can do at Layer 3, stopping the traffic from passing the USG? Or would I need to do this from a software firewall standpoint, blocking access at the actual server?
Thanks in advance!