
I'm trying to find a good way of being able to address my EC2 database instance from both inside and outside of the datacenter. Other EC2 instances need to be able to call into it, and other clients like pgAdmin might need to connect to it from the outside world as well.

It's my understanding that using the internal and external DNS names is sustainable long term as each reboot leads to a change.

I'm thinking of associating an Elastic IP with the instance and giving it an A record (say db1.mydomain.com) which I then will use both within and outside the datacenter. Further instances in the same role will get the same treatment and a DNS record of db2.mydomain.com etc.

Now, is there a cleaner and more stable way of achieving this result? Am I going about this the wrong way? Suggestions?

Alexandr Kurilin

2 Answers


Associating an Elastic IP with the instance is how this is done.

Be aware that unless you are using VPC, your Elastic IP will disassociate if you stop the instance, and you will have to manually reassociate it when you restart the instance.

Michael Hampton
  • Just to double-check, once you associate the Elastic IP, would you use the new DNS record both internally and externally? Also, would you recommend I set up VPC for a simple 3-4 instance architecture? I haven't used VPC before, and was wondering if that was a recommended practice at my scale. – Alexandr Kurilin Jun 30 '13 at 00:09
  • I'd use the internal IP address internally, and the external IP address externally. Your scale doesn't really matter for VPC, but it does make it easier for your instances to talk to each other with your internal IPs. – Michael Hampton Jun 30 '13 at 00:11
  • @AlexandrKurilin - I slightly disagree with Michael's suggestion: you could/should just use the new DNS record both internally and externally due to a little known, but nonetheless quite helpful feature of the AWS DNS infrastructure, see [Public IP Addresses and External DNS Hostnames](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html#concepts-public-addresses): _We resolve an external DNS hostname to the public IP address of the instance outside the network of the instance, and to the private IP address of the instance from within the network of the instance._ – Steffen Opel Jun 30 '13 at 16:08
  • @SteffenOpel This doesn't apply if he's using _his own_ hostname in his own domain. – Michael Hampton Jun 30 '13 at 17:30
  • @MichaelHampton - Ah right, I've overlooked that Alexandr is planning to use his own A record indeed (rather than a CNAME for the AWS one, for example); in this case your suggestion is obviously spot on regarding the desirable routing and cost benefits implied when using the internal IP address where possible, sorry for the sloppy assessment of the question at hand. – Steffen Opel Jun 30 '13 at 18:24
  • Folks, I'm not fully sure what you mean by "his own hostname in his own domain". Would you mind clarifying? I'm right now using a mix of Route 53, VPC and Elastic IPs to make it happen. I'm only thinking of using private IPs directly since I now control the IP allocation within the subnet and know what instance gets what specific IP (which stays the same throughout reboots). – Alexandr Kurilin Jul 01 '13 at 23:49

Here are the standard best practice steps for the most flexible, efficient, and cost-effective approach:

  1. Create an Elastic IP address and associate it with the instance.

  2. Create a DNS entry which is a CNAME pointing to the external DNS name for the elastic IP address.

  3. Whenever you stop/start the instance (or wish to point the name to a new instance) simply associate the Elastic IP address with the desired instance. No DNS updates required.

Use the new DNS name both inside and outside of EC2.

When the DNS name is used outside of EC2, it will resolve to the public IP address of the instance (i.e., the Elastic IP address).

When the DNS name is used inside of EC2 (in the same region as the instance) it will resolve to the then-current private IP address of the instance to which the Elastic IP address is associated.

This makes your internal network traffic faster and cheaper between the EC2 instances accessing the server. It also allows you to use security groups to allow access to specific ports from other EC2 instances.

I go into more details in this article: http://alestic.com/2009/06/ec2-elastic-ip-internal

If you use VPC, you don't need to reassociate the Elastic IP address after stop/start, otherwise everything works the same.

Eric Hammond
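As an added illustration of the answer above (not code from the answer's author or from AWS), the script below builds the Route 53 CNAME change batch for step 2 and gives a check you can run from an EC2 instance and from outside to confirm the name resolves to the private address inside the region and to the Elastic IP outside it. The Elastic IP, the EC2 public DNS name and `db1.mydomain.com` are constructed sample values; a lookup that returns the public address from inside EC2 means traffic will leave the private network and source-based security group rules will not match.

```python
"""Build the Route 53 CNAME record for an EC2 public DNS name and classify
how that name resolves from the current vantage point."""
import ipaddress
import socket

# Constructed sample values (assumptions, not taken from the original answer).
ELASTIC_IP = "203.0.113.10"       # documentation range stands in for the EIP
EC2_PUBLIC_DNS = "ec2-203-0-113-10.compute-1.amazonaws.com"
RECORD_NAME = "db1.mydomain.com"  # the hostname used in the question

# RFC 1918 ranges: an answer in one of these means the lookup came back with
# the instance's private address, so traffic stays inside EC2.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def build_cname_change(name, target, ttl=60):
    """Route 53 ChangeResourceRecordSets batch: name -> EC2 public DNS name.
    UPSERT creates the record or replaces an existing one."""
    return {"Changes": [{"Action": "UPSERT", "ResourceRecordSet": {
        "Name": name.rstrip(".") + ".", "Type": "CNAME", "TTL": ttl,
        "ResourceRecords": [{"Value": target}]}}]}


def classify(addrs, elastic_ip):
    """Classify the A records a lookup returned:
    'internal'   - a private address: expected from inside the region, and
                   the only case where security group rules keyed on other
                   instances' private IPs or groups will match;
    'external'   - the Elastic IP: expected from outside the region;
    'unexpected' - anything else (stale record, wrong CNAME target, ...)."""
    found = {ipaddress.ip_address(a) for a in addrs}
    if any(any(a in net for net in PRIVATE_NETS) for a in found):
        return "internal"
    if ipaddress.ip_address(elastic_ip) in found:
        return "external"
    return "unexpected"


def check_resolution(hostname=RECORD_NAME, elastic_ip=ELASTIC_IP):
    """Live lookup; run once on an EC2 instance and once from outside."""
    addrs = {info[4][0] for info in
             socket.getaddrinfo(hostname, None, socket.AF_INET)}
    return classify(addrs, elastic_ip), sorted(addrs)


if __name__ == "__main__":
    print(build_cname_change(RECORD_NAME, EC2_PUBLIC_DNS))
    print(check_resolution())
```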