nym February 2016

How do you allocate STATIC addresses to an EBS (beanstalk) within a VPC?

Our current website uses elastic beanstalk to create instances, but we need to whitelist the IPs so they can talk to a private resource.

How do you do this? The EBS uses a VPC with a public subnet.

Thanks!

Answers


Matt Houser February 2016

There are 2 possible options to achieve what you want.

Option 1:

If your backend EC2 instances are in a public subnet, you could pre-allocate a pool of Elastic IP addresses and whitelist them with your private resource.

Since your EC2 instances are created by an Auto Scaling group (I assume), you would then have a script that runs on your EC2 instance that would select an Elastic IP address from your pool and associate it with the instance.

A problem occurs if your pool of Elastic IP addresses runs out.

Option 2:

If your EC2 instances are in a private subnet, then you would have all outbound traffic from your EC2 instances go through a NAT.

You would allocate a single Elastic IP address and whitelist that Elastic IP address with your private resource.

If you associate the Elastic IP address with your NAT, then your private resource will see the traffic from all your EC2 instances as originating from the whitelisted IP address.

Additional Comments

Since you have the public facing ELB, your backend EC2 instances should be in private subnets for security purposes.

This, along with the extra scripting required for option 1, makes option 2 the preferred choice.

Post Status

Asked in February 2016
Viewed 2,582 times
Voted 6
Answered 1 times
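
The boot-time script that option 1 calls for, sketched as an added example (not part of the original answer): it claims a free address from a tagged pool, copes with two instances racing for the same address, and fails the boot step when the pool is exhausted. The `eip-pool=web` tag and the `--claim` argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: claim a free Elastic IP from a pre-allocated pool at boot.
# Assumed for illustration: pool addresses carry the tag eip-pool=web.
POOL_TAG_KEY="${POOL_TAG_KEY:-eip-pool}"
POOL_TAG_VALUE="${POOL_TAG_VALUE:-web}"

# stdin: "AllocationId<TAB>AssociationId" lines (describe-addresses text
# output, where a null AssociationId prints as "None"). Prints free IDs.
free_allocations() {
  awk '$1 ~ /^eipalloc-/ && ($2 == "None" || $2 == "") { print $1 }'
}

list_pool() {
  aws ec2 describe-addresses \
    --filters "Name=tag:${POOL_TAG_KEY},Values=${POOL_TAG_VALUE}" \
    --query 'Addresses[].[AllocationId,AssociationId]' --output text
}

# Instance ID via IMDSv2 (session token first, then the metadata read).
instance_id() {
  imds_token=$(curl -sf -X PUT "http://169.254.169.254/latest/api/token" \
    -H "X-aws-ec2-metadata-token-ttl-seconds: 60") || return 1
  curl -sf -H "X-aws-ec2-metadata-token: ${imds_token}" \
    "http://169.254.169.254/latest/meta-data/instance-id"
}

# stdin: pool listing. Tries each free address in turn; with
# --no-allow-reassociation the call fails if another instance claimed the
# address first, so a lost race moves on to the next candidate.
# Prints the claimed allocation ID, or returns 1 when nothing is left.
claim_eip() {
  for alloc in $(free_allocations); do
    if aws ec2 associate-address --instance-id "$1" \
         --allocation-id "$alloc" --no-allow-reassociation >/dev/null 2>&1
    then echo "$alloc"; return 0; fi
  done
  return 1
}

main() {
  iid=$(instance_id) || { echo "cannot read instance ID" >&2; return 1; }
  list_pool | claim_eip "$iid" && return 0
  # Fail the boot step so the instance is not put in service while its
  # outbound traffic would come from an address that is not whitelisted.
  echo "Elastic IP pool exhausted" >&2
  return 1
}

if [ "${1:-}" = "--claim" ]; then main; fi
```

The instance role needs only `ec2:DescribeAddresses` and `ec2:AssociateAddress` for this script.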
