Static IP using Elastic Beanstalk

3

30

I need the static IP to allow access to a firewalled network not on the AWS network.

Is it possible to get a static IP for a load balanced app using Elastic Beanstalk? I'm following the AWS docs regarding using Route 53 to host my app with a domain name, but from what I've read, this does not ensure a static IP because it is essentially using a CNAME allowing the IP behind the scenes to change. Is that the right understanding? Is it possible at all?

Cistern answered 15/10, 2014 at 19:33 Comment(0)
-3

Deploy your beanstalk environment in VPC, and with the right configuration, a static IP for outbound traffic is easy.

In this setup, your instances all relay their outbound traffic through a single machine, which you can assign an elastic IP address to. All of the inside-originated, Internet-bound traffic from all of the instances behind it will appear, from the other network, to be using that single elastic IP.

The RDS portion of the following may be irrelevant to your needs but the principles are all the same.

http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/AWSHowTo-vpc-rds.html

Diffractometer answered 16/8, 2016 at 8:4 Comment(5)
The link doesn't help at all. – Vries
I can't find an answer for this question at the above link. Please write your solution here, and give the link as a reference. – Endoblast
I cannot delete this answer because it is accepted, but this answer is not relevant anymore and old. – Diffractometer
How do you expect a private IP address to be used for an external firewall? – Rotten
I just copied the most voted answer (@Michael - sqlbot) instead of the previous one. I could not delete it because it is accepted. (@ The Cloud Guy) – Diffractometer
16

This post helped me get a static IP for outgoing requests by using a NAT Gateway, and routing specific requests through it.

I needed this static IP in order to be whitelisted from an external API provider.

I found this way much easier than the one provided by AWS, without the need to create a new VPC and private and public subnets.

Basically, what I did was:

  • Create a new subnet to host the NAT Gateway.
  • Create the NAT Gateway in the above subnet, and assign a new Elastic IP. This one will be our outgoing IP for hitting external APIs.
  • Create a route table for the NAT subnet. All outbound traffic (0.0.0.0/0) should be routed through the NAT Gateway. Assign the created subnet to use the new route table.
  • Modify the main route table (the one that handles all our EC2 instances requests), and add the IP(s) of the external API, setting its target to the NAT Gateway.

This way we can route any request to the external API IPs through the NAT Gateway. All other requests are routed through the default Internet Gateway.

As the post says, this is not a Multi-AZ solution, so if the AZ that holds our NAT Gateway fails, we may lose connection to the external API.

Update:

See @TimObezuk's comment to make this a Multi-AZ solution.

Ovotestis answered 9/3, 2018 at 19:18 Comment(7)
Author of the post you referenced here. I'm glad to hear it helped you :) It's simple to make this a Multi-AZ solution by creating a NAT Gateway within each Subnet / Availability Zone and adding a route to each rather than the Main Route Table in the VPC. The drawback is you would need to whitelist many Elastic IP addresses as each NAT Gateway has a unique IP address, as well as the additional cost of many NAT Gateways. – Likely
Yeap @TimObezuk, I figured that setting that for each AZ would make your solution a Multi-AZ one. I will have to try it though. Thanks for the awesome post! – Ovotestis
This only works if you know the IP address of the external service, and if the service themselves have a static IP. See my question here: #49994740 – Vries
@Vries exactly, it only works if you know the IP address of the external service or at least if it is static. How do you solve it with a dynamic IP? Issue here: #52697634 – Pettigrew
Any idea how to do this for an API which doesn't expose an IP? I want to request a domain which whitelists my IP address. – Pearman
@TimObezuk on step 5, where do you get the number 54...(blurred out) from? Also, where can I find the new (static) IP to enable myself to be whitelisted? – Devaney
Hey @raklos, that one is the destination server that you are trying to reach (the one that should whitelist your IP). On the other hand, the IP to be whitelisted (your outgoing IP) is the elastic IP that AWS gives you in step 2 when you create the NAT gateway. – Ovotestis
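The routing behaviour this answer and its comments rely on, as an added example that is not part of the original posts: a VPC route table picks the most specific matching route, so only destinations with their own entry leave through the NAT Gateway and its Elastic IP. The route targets (`nat-EXAMPLE`, `igw-EXAMPLE`) and all addresses are constructed placeholders.

```python
import ipaddress

# Constructed main route table (last step of the answer): the default route
# goes to the Internet Gateway, and one /32 per known external-API address
# goes to the NAT Gateway. Target IDs and addresses are placeholders.
MAIN_ROUTE_TABLE = [
    ("10.0.0.0/16", "local"),
    ("0.0.0.0/0", "igw-EXAMPLE"),
    ("203.0.113.10/32", "nat-EXAMPLE"),
    ("203.0.113.11/32", "nat-EXAMPLE"),
]


def select_target(route_table, destination):
    """Return the target of the most specific route covering destination."""
    dest = ipaddress.ip_address(destination)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def egress_report(route_table, api_addresses, nat_target="nat-EXAMPLE"):
    """Split the API's addresses into those that leave via the NAT Gateway
    (seen remotely as the Elastic IP) and those that bypass it."""
    via_nat, bypass = [], []
    for addr in api_addresses:
        target = select_target(route_table, addr)
        (via_nat if target == nat_target else bypass).append(addr)
    return via_nat, bypass


if __name__ == "__main__":
    # Constructed: addresses the API hostname resolves to today. The last one
    # has no dedicated route, so traffic to it uses the Internet Gateway and
    # does not arrive from the allowlisted Elastic IP.
    resolved = ["203.0.113.10", "203.0.113.11", "198.51.100.7"]
    via_nat, bypass = egress_report(MAIN_ROUTE_TABLE, resolved)
    print("via NAT (static source IP):", via_nat)
    print("bypass NAT (needs a route):", bypass)
```

Running the same check against the addresses an API hostname currently resolves to shows the limitation raised in the comments: any address without its own route silently falls back to the default route.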
13

Deploy your beanstalk environment in VPC, and with the right configuration, a static IP for outbound traffic is easy.

In this setup, your instances all relay their outbound traffic through a single machine, which you can assign an elastic IP address to. All of the inside-originated, Internet-bound traffic from all of the instances behind it will appear, from the other network, to be using that single elastic IP.

The RDS portion of the following may be irrelevant to your needs but the principles are all the same.

http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/AWSHowTo-vpc-rds.html

Stipendiary answered 16/10, 2014 at 5:11 Comment(2)
I'm going to read into this, but just a quick follow-up, can the beanstalk environment still be load balanced using this setup? – Cistern
@Cistern yes. This setup only impacts the way the servers access the Internet, outbound, when they originate traffic. Inbound traffic still goes through the load balancer, as before. The main application servers in one of our platforms use almost exactly this setup, behind ELB. The machine with the static address is not one of your beanstalk machines, it's a new instance, always on... but it can be a very small instance (even a micro) and still not give you any performance grief. The ELB traffic is completely independent of this machine and the related configuration. – Stipendiary