
In this configuration the Apache server instances are all in the same VPC (across several subnets) and all incoming requests are managed via an elastic load balancer (with ProxyProtocol=On on each instance).

These instances serve 40+ websites in the same VPC behind the same load balancer.

When any of the sites on these instances initiate an outgoing http request, the request goes through the load balancer and then comes back as originating from the instance's public IP address. These are all pretty random (but once assigned, they are fixed for the lifespan of the instance).

For instance, when the site 'foo' uses wget/curl to invoke site 'bar', that request will still arrive through the load balancer to bar, using foo's public IP, not foo's local network ID.

We need a mechanism that allows us to identify whether or not that public IP belongs to an instance within the VPC. We could always use a manual register, but is there a better way?

Konchog
  • I don't follow what you're trying to achieve. Load balancers are typically for incoming requests being sent to a group of EC2 instances, rather than outbound requests. – Tim Feb 03 '22 at 17:31
  • @Tim, yes that's right. But if I have 40 websites in the same VPC behind the same load balancer, and site 'foo' uses wget/curl to invoke site 'bar', that request will still arrive through the load balancer to bar, using foo's public IP. – Konchog Feb 03 '22 at 18:19
  • Ah, that's a pretty critical piece of information that you should put into your question. If all the EC2 servers are inside a VPC I would consider using a Route53 private hosted zone for each domain so that the request went directly from instance to instance rather than via public endpoints. – Tim Feb 03 '22 at 20:50
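One way to replace the "manual register" the question mentions is to build the set of public IPs that are attached to network interfaces in the VPC from the EC2 API and test the client address against it. The following is an added example, not code from the question or the commenters; the live lookup assumes boto3 and credentials allowed to call ec2:DescribeNetworkInterfaces, and the `SAMPLE_RESPONSE` below is a constructed stand-in shaped like that API's output so the rest runs offline.

```python
"""Decide whether a source IP belongs to an instance inside our own VPC.

Added example (not from the original question). The live path uses the EC2
DescribeNetworkInterfaces API via boto3, filtered by vpc-id, so Elastic IPs and
auto-assigned public IPs on any ENI are both covered. The matching logic is kept
separate so it can be exercised against a constructed sample response.
"""
import ipaddress

# Constructed sample, shaped like a DescribeNetworkInterfaces response.
# Addresses are from the TEST-NET-3 documentation range.
SAMPLE_RESPONSE = {
    "NetworkInterfaces": [
        {   # instance with one public IP on its primary address
            "NetworkInterfaceId": "eni-0aaa0000example",
            "VpcId": "vpc-0000example",
            "Association": {"PublicIp": "203.0.113.10"},
            "PrivateIpAddresses": [
                {"PrivateIpAddress": "10.0.1.5", "Primary": True,
                 "Association": {"PublicIp": "203.0.113.10"}},
            ],
        },
        {   # instance with no public IP at all
            "NetworkInterfaceId": "eni-0bbb0000example",
            "VpcId": "vpc-0000example",
            "PrivateIpAddresses": [
                {"PrivateIpAddress": "10.0.2.7", "Primary": True},
            ],
        },
        {   # instance with a secondary private IP that has its own public IP
            "NetworkInterfaceId": "eni-0ccc0000example",
            "VpcId": "vpc-0000example",
            "Association": {"PublicIp": "203.0.113.11"},
            "PrivateIpAddresses": [
                {"PrivateIpAddress": "10.0.1.6", "Primary": True,
                 "Association": {"PublicIp": "203.0.113.11"}},
                {"PrivateIpAddress": "10.0.1.9", "Primary": False,
                 "Association": {"PublicIp": "203.0.113.12"}},
            ],
        },
    ]
}


def public_ips_from_enis(response):
    """Collect every public IPv4 address present in one API page."""
    ips = set()
    for eni in response.get("NetworkInterfaces", []):
        # Public IP for the primary private address, if any
        if "PublicIp" in eni.get("Association", {}):
            ips.add(eni["Association"]["PublicIp"])
        # Secondary private addresses may carry their own public IPs
        for addr in eni.get("PrivateIpAddresses", []):
            if "PublicIp" in addr.get("Association", {}):
                ips.add(addr["Association"]["PublicIp"])
    return ips


def fetch_vpc_public_ips(vpc_id, region_name=None):
    """Live lookup: requires boto3 and ec2:DescribeNetworkInterfaces permission.

    Call this periodically (instances come and go) and cache the result;
    do not call the API on every request.
    """
    import boto3  # imported lazily so the offline helpers above work without it
    ec2 = boto3.client("ec2", region_name=region_name)
    paginator = ec2.get_paginator("describe_network_interfaces")
    ips = set()
    for page in paginator.paginate(Filters=[{"Name": "vpc-id", "Values": [vpc_id]}]):
        ips |= public_ips_from_enis(page)
    return ips


def is_vpc_instance_ip(client_ip, vpc_public_ips):
    """True if client_ip is a well-formed IPv4 address attached to an ENI in the VPC.

    client_ip should be the address the load balancer hands over in the PROXY
    protocol header (what Apache reports with RemoteIPProxyProtocol On), not the
    load balancer's own address.
    """
    try:
        ip = ipaddress.ip_address(client_ip.strip())
    except ValueError:
        return False  # garbage or IPv6 we did not enumerate: treat as external
    return ip.version == 4 and str(ip) in vpc_public_ips


if __name__ == "__main__":
    known = public_ips_from_enis(SAMPLE_RESPONSE)
    for candidate in ("203.0.113.12", "198.51.100.1", "not-an-ip"):
        print(candidate, "internal" if is_vpc_instance_ip(candidate, known) else "external")
```

The membership test runs against a cached set, so the only recurring cost is a periodic API refresh; an instance that has just been launched will be classified as external until the next refresh, which is the safe direction for this check. Note that this only tells you the request came from a host in your VPC, and says nothing about which of the 40 sites on that host issued it.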

0 Answers