there is already a proxy protocol policy created for the ingress elb, but this also needs to be attached to the backend server.

to do this manually with the cli:

aws elb set-load-balancer-policies-for-backend-server --load-balancer-name <clusterid>-ingress --instance-port 30010 --policy-names <clusterid>-ingress-proxy-protocol-policy
aws elb set-load-balancer-policies-for-backend-server --load-balancer-name <clusterid>-ingress --instance-port 30011 --policy-names <clusterid>-ingress-proxy-protocol-policy

the ingress controller then needs to be configured with use-proxy-protocol: "true" in the ingress-nginx configmap.

result will be that the services behind elb and ingress still see the clients ip addresses.