Jaison Brooks

Reputation: 5826

AWS Load balancing static IP range/Address

I have an API that has whitelisted IP addresses that are able to access it. I need to allow all AWS Elastic Beanstalk EC2 instances to be able to access this API. So I need to, either through VPC or Load Balancer settings, configure a static IP or IP range x.x.x.x/32 that I can have whitelisted.

I'm lost between the VPC, Load Balancer, Elastic Beanstalk, etc. I need someone to break it down a bit and point me in the right direction.

Currently the load balancer is set up for SSL and this works correctly.

Thank you for your time

Upvotes: 0

Views: 260

Answers (3)

John Hanley

Reputation: 81336

The best way to accomplish this is to place your EB EC2 instances in a private subnet that communicates to the Internet via a NAT Gateway. The NAT Gateway will use an Elastic IP address. Your API endpoint will see the NAT Gateway as the source IP for all instances in the private subnet, thereby supporting adding the NAT Gateway EIP to your whitelist.

To quote Amazon, link below:

Create a public and private subnet for your VPC in each Availability Zone (an Elastic Beanstalk requirement). Then add your public resources, such as the load balancer and NAT, to the public subnet. Elastic Beanstalk assigns them unique Elastic IP addresses (a static, public IP address). Launch your Amazon EC2 instances in the private subnet so that Elastic Beanstalk assigns them private IP addresses.

Load-balancing, autoscaling environments

Upvotes: 2

Ashan

Reputation: 19728

You can set up a NAT Gateway and associate an Elastic IP address in your VPC. Configure the routing from subnets to use the NAT Gateway for egress traffic. Then from your API side, you only need to whitelist the Elastic IP address of your NAT Gateway.

Check this guide for more details.

Upvotes: 2
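
Added example, not part of either answer above: once the NAT Gateway is in place, a check like this confirms that every application subnet really leaves through it, so the Elastic IP on the allowlist is the only source address the API will see. The route-table and NAT data are constructed, shaped like boto3 `describe_route_tables` / `describe_nat_gateways` output; `egress_report` and all IDs are hypothetical.

```python
# Constructed sample data (not from a real account), shaped like the
# "RouteTables" and "NatGateways" lists returned by the EC2 API.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-private",
     "Associations": [{"SubnetId": "subnet-app-a"}, {"SubnetId": "subnet-app-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0aaa"}]},
    {"RouteTableId": "rtb-main",
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0bbb"}]},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-0aaa",
                 "NatGatewayAddresses": [{"PublicIp": "203.0.113.10"}]}]


def egress_report(subnet_ids, route_tables, nat_gateways):
    """Return (allowlist, problems): NAT EIPs as /32s, and subnets that bypass NAT."""
    nat_ips = {n["NatGatewayId"]: [a["PublicIp"] for a in n["NatGatewayAddresses"]
                                   if "PublicIp" in a]
               for n in nat_gateways}
    explicit, main = {}, None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main = rt
            elif "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = rt
    allowlist, problems = set(), {}
    for subnet in subnet_ids:
        # A subnet with no explicit association falls back to the VPC main table.
        rt = explicit.get(subnet, main) or {}
        default = next((r for r in rt.get("Routes", [])
                        if r.get("DestinationCidrBlock") == "0.0.0.0/0"), None)
        if default is None:
            problems[subnet] = "no default route"
        elif default.get("NatGatewayId") in nat_ips:
            allowlist.update(f"{ip}/32" for ip in nat_ips[default["NatGatewayId"]])
        else:
            # Egress via an internet gateway uses each instance's own public IP,
            # which will not match the allowlisted Elastic IP.
            target = default.get("GatewayId") or default.get("NatGatewayId")
            problems[subnet] = f"default route via {target}"
    return sorted(allowlist), problems


if __name__ == "__main__":
    print(egress_report(["subnet-app-a", "subnet-app-b", "subnet-stray"],
                        ROUTE_TABLES, NAT_GATEWAYS))
```

A subnet listed under problems is one whose instances would reach the API from an address other than the NAT Gateway's Elastic IP.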

marekful

Reputation: 15351

You can assign Elastic IP addresses to ELB instances.

First you need to create a number of Elastic IP addresses. They will be unassigned by default.

The actual assignment can be triggered from the "User data" script that you can specify when creating a Launch Configuration for the ELB. The following two lines of code in the user data script should assign an IP:

pip install aws-ec2-assign-elastic-ip
aws-ec2-assign-elastic-ip --region ap-southeast-2 --access-key XXX --secret-key XXX --valid-ips 1.2.3.4,5.6.7.8,9.10.11.12

The list of --valid-ips should be the list of IPs you created in the beginning.

Upvotes: 0
