Releasing Elastic IP on EC2 had Cloudfront stop working

Question

I had reached the limit of Elastic IP allocations in my AWS account. I have an Elastic Beanstalk app that is being served over Cloudfront. I thought since the app's CNAME was mapped to Cloudfront's CNAME, releasing the Elastic IP of the ec2 instance of the EB app should be fine, so I did it. However, the EB app has stopped working. Even if I tried to access the web app using Cloudfront's CNAME, it's still not reachable. The ec2 instance has got allocated a public IP address shortly after the Elastic IP got released.

Can someone shed some light? How can I fix this issue?

Thanks

Answer 1

In short: CloudFront doesn't sit in your VPC and talks with your EB over public internet. Hence your EB needs public IP to be accessible from CloudFront. The public IP can be Elastic IP or the "standard" ephemeral public IP.

Elastic IP has some advantages over the standard public IP - most importantly it can be moved from EC2 instance to EC2 instance, and it stays allocated in your account even if the EC2 is stopped.

I'm not sure if EB can work with the standard public IPs (non-EIPs). I guess not because they are quite unstable and non-predictable and it may be quite complicated to keep update the EB DNS name when they change. Elastic IPs on the other hand are allocated to your account and can be moved from EB instance to instance so there is no need to update the DNS.

You may need to attach the old EIP back to EB to make it work again.

I suggest you raise an AWS Support Request ➡ Service Limit Increase and request the number of available EIPs raised by 5 or 10.

Hope that helps :)

Answer 2

I ended up figuring this out myself. Looks like depends on the type of your EB environment, public IP addresses work differently.

For single-instance environments, which is my case here, AWS assigns an elastic IP address no matter what. According to the docs:

A single-instance environment contains one Amazon EC2 instance with an Elastic IP address.

So basically, as long as your environment stays single-instance, you can't get rid of the elastic IP that's been assigned to your instance, or else your environment will stop working like in my case.

Solution:

I fixed it by changing the environment to load-balanced, with 1 min and 1 max, the number of instance will always stay 1. A load-balanced environment relies on ELB's CNAME, rather than EC2's IP address, so even my ec2 instance's public IP changed, the DNS record for my EB app won't be affected, nor will the cloudfront distribution.