Can the endpoint URL be separated from the admin console for security?

We want to set up OpenReplay in AWS where our SaaS product streams events to a public endpoint, but the admin console for session replay is secured behind a VPC.

However, it seems the default deployment on EC2 in AWS results in a single URL https://openreplay.[mydomain].com for both the events endpoint and the admin console.

How could I secure the admin console separately to the events endpoint? e.g.

https://openreplay-events.[mydomain].com
https://openreplay-admin.[mydomain].com (must be on VPN to access)

?

If that's not possible then how could I secure the events URL in the gateway without exposing the admin console to the public? e.g.

https://openreplay.[mydomain].com/post-events → routed via public gateway
https://openreplay.[mydomain].com/* → accessible on VPN

You should be able to blacklist the OpenReplay endpoint using the following:

openreplay -e
frontend:
  ingress:
    annotations:
      nginx.ingress.kubernetes.io/whitelist-source-range: 49.36.X.X/32
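
A pre-apply check for the value of the whitelist-source-range annotation shown above, as an added example that is not part of the original reply or OpenReplay's own tooling: it parses the comma-separated CIDR list, flags entries that are not valid CIDRs (such as a redacted placeholder left in place), and tests whether a given client address would be admitted. The function names, the breadth thresholds and the sample ranges are assumptions constructed for illustration.

```python
import ipaddress

# Assumed review thresholds (not from the page): prefixes shorter than
# these are reported as broad for an admin-console allowlist.
MIN_PREFIX = {4: 16, 6: 48}

def audit_allowlist(value):
    """Parse a comma-separated CIDR list; return (networks, findings)."""
    networks, findings = [], []
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            findings.append("empty entry (stray comma)")
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"not a valid CIDR: {entry!r}")
            continue
        if net.prefixlen == 0:
            findings.append(f"{entry} admits every address")
        elif net.prefixlen < MIN_PREFIX[net.version]:
            findings.append(f"{entry} is broader than /{MIN_PREFIX[net.version]}")
        # An address with host bits set still parses, but covers the whole network.
        if ipaddress.ip_interface(entry).ip != net.network_address:
            findings.append(f"{entry} has host bits set; it covers {net}")
        networks.append(net)
    return networks, findings

def is_admitted(client_ip, networks):
    """True if client_ip falls inside any parsed network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in networks)

if __name__ == "__main__":
    # Constructed sample values: the redacted placeholder from the reply,
    # and a hypothetical VPN range plus one office address.
    for value in ("49.36.X.X/32", "10.8.0.0/24, 203.0.113.7/32"):
        nets, issues = audit_allowlist(value)
        print(value, "->", issues or "ok")
        for ip in ("10.8.0.42", "198.51.100.9"):
            print("  ", ip, "admitted" if is_admitted(ip, nets) else "denied")
```

ingress-nginx matches this list against the client address it sees, so behind a load balancer the restriction only holds if the real source IP is preserved through to the controller.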