I'm using AWS EC2 instances on a VPC with an Internet Gateway, and I need to connect to my company's network, which only accepts connections from specific IP addresses (firewall). The Outbound Traffic of my IP Address is the Internet gateway's IP Address. I have tried using a NAT Gateway, but the NAT Gateway still uses an Internet Gateway. Is it possible to have an Elastic IP for all outgoing traffic on AWS?
Viewed 1.3k times
9
- *"The Outbound Traffic of my IP Address is the Internet gateway's IP Address."* Well... no, it isn't. It can't be, because the Internet Gateway object does not have an IP address of its own. You'll want to look at this more closely to understand what is actually happening. Also, a NAT Gateway *always* has an elastic IP so it seems you are asking how to solve a problem that NAT Gateway solves automatically. – Michael - sqlbot Nov 23 '16 at 10:23
- Are your instances in public subnet or private subnet? – helloV Nov 23 '16 at 15:55
- My Instances are on a private subnet – baakal Nov 24 '16 at 05:15
1 Answer
6
If you have as a destination a set of static IP addresses (the ones of your company), I solved the same by doing the following (based on this post):
1. Create a new subnet to host the NAT Gateway.
2. Create the NAT Gateway in the above subnet, and assign a new Elastic IP. This one will be our outgoing IP for hitting external APIs.
3. Create a route table for the NAT subnet. All outbound traffic (0.0.0.0/0) should be routed through the NAT Gateway. Assign the created subnet to use the new route table.
4. Modify the main route table (the one that handles all our EC2 instances requests), and add the IP(s) of the external API, setting its target to the NAT Gateway.
This way you can route any request to your company IPs through the NAT Gateway. All other requests are routed through the default Internet Gateway.

SebaGra
- Step 3 should be *"routed through the **Internet Gateway**"*, shouldn't it? – luk2302 Jan 12 '23 at 09:11
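
How the routing set up in the answer above resolves, as an added example that is not part of the original answer or its comments: a VPC route table uses the most specific matching route, so the /32 entries for the company IPs win over the default route, and the check reports any company IP that would not arrive from the NAT Gateway's Elastic IP. All IDs and addresses are constructed placeholders, and the NAT subnet's default route is assumed to target the Internet Gateway.

```python
import ipaddress

# Constructed sample data: placeholder IDs and documentation-range addresses.
NAT_EIP = "198.51.100.7"            # Elastic IP attached to the NAT Gateway
INSTANCE_ROUTES = [                 # route table used by the EC2 instances (step 4)
    ("10.0.0.0/16", "local"),
    ("0.0.0.0/0", "igw-EXAMPLE"),
    ("203.0.113.10/32", "nat-EXAMPLE"),
    ("203.0.113.11/32", "nat-EXAMPLE"),
]
# Route table of the NAT Gateway's subnet. Assumption: its default route targets
# the Internet Gateway, which a public NAT Gateway needs to reach the Internet.
NAT_SUBNET_ROUTES = [
    ("10.0.0.0/16", "local"),
    ("0.0.0.0/0", "igw-EXAMPLE"),
]

def next_hop(routes, dest_ip):
    """Longest-prefix match: return the target of the most specific matching route."""
    ip = ipaddress.ip_address(dest_ip)
    matches = [(ipaddress.ip_network(cidr), target) for cidr, target in routes]
    matches = [(net, target) for net, target in matches if ip in net]
    if not matches:
        return None  # no route: traffic is dropped
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def source_seen_by(dest_ip):
    """Return the source address the destination sees for traffic from an instance."""
    hop = next_hop(INSTANCE_ROUTES, dest_ip)
    if hop is None or hop == "local":
        return None  # never leaves the VPC
    if hop.startswith("nat-"):
        # Traffic leaving via the NAT Gateway reaches the Internet with the
        # gateway's Elastic IP as source, if the NAT subnet routes to the IGW.
        onward = next_hop(NAT_SUBNET_ROUTES, dest_ip)
        return NAT_EIP if onward and onward.startswith("igw-") else None
    return "instance-public-ip"  # direct via the Internet Gateway

def not_pinned(company_ips):
    """Return the company IPs whose traffic would NOT arrive from the NAT EIP."""
    return [ip for ip in company_ips if source_seen_by(ip) != NAT_EIP]

if __name__ == "__main__":
    # 203.0.113.12 has no /32 route, so it falls through to the default route.
    for ip in ["203.0.113.10", "203.0.113.11", "203.0.113.12"]:
        print(ip, "->", source_seen_by(ip))
    print("missing NAT routes:", not_pinned(["203.0.113.10", "203.0.113.12"]))
```

A company address that is added to the firewall allowlist but not to the instances' route table shows up in `not_pinned`, because its traffic follows the default route instead of the NAT Gateway.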