I am researching the possibility of limiting access to an application in the Kyma runtime based on client IP address. I have attempted to follow guidance from Istio documentation (https://istio.io/latest/docs/tasks/security/authorization/authz-ingress/), but it seems I need to be aware of the type of AWS network components are being used. I don't have visibility of the AWS components, so I have tried several approaches and always find that I have a non-routable, internal address as the client address. Has anyone achieved this in the BTP Kyma environment?