0

I've read different posts here and there, and they don't seem to help me solve my problem.

I'm currently using CNAME redirection from my domain to my ELB and this is working fine. But it still doesn't allow me to use a static/elastic IP.

I have a load-balanced infrastructure (5 instances running).

For a partnership, I need to share some IP(s) with my partner so he will accept that I do certain actions based on the IP.

I've tried to use the Public IP or to set an Elastic IP to my EC2 instances but they remain not accessible (which seems normal since I guess my instances are not public, only the ELB is).

I've also read that with a VPC you can enable public access for each instance so the "elastic IP solution" could work, but having 5 more elastic IPs will add extra cost for me, so I would prefer another solution.

Also, it will force me to alter my core infrastructure (which I will do if needed, but again I would prefer another solution, if there is one).

My perfect answer would be a way to have one IP for 5 instances.

Thanks

And Row ID

2 Answers

2

You can associate one Elastic IP (EIP) with each of your running instances free of charge. This adds no additional cost for you (as long as EIPs stay attached to running instances), but you have to launch these instances into a public subnet for this solution to work.

Moving your instances from a private to a public subnet has security implications, though. If you do not want to do that, you have other options, but all of them incur additional costs (for a NAT instance or bastion host, etc.). So you have to weigh what you want to actually achieve against the costs.

Could you please explain in more detail why exactly these IPs are needed?

vbalys
  • Yesterday, following the Amazon wizard, I created a VPC with private and public subnets. So my VPC is made of 2 subnets that are in the same AZ: a public subnet and a private subnet. Those subnets don't seem to be different from the Subnets page from Amazon Console. So the wizard also created for me a NAT Gateway that is linked with an elastic IP and with my VPC. It also created an internet gateway for me, which is attached to the VPC. Then on the "beanstalk wizard With VPC" I've checked ELB for the "public" subnet and I've checked EC2 for the private subnet. – And Row ID Dec 08 '16 at 09:33
  • Then I've created another Elastic IP on the VPC side and linked it to one of my instances. So now on the EC2 side I can see my instance with a public IP, but I think I got something wrong on the way. And to answer your question, I need to have a fixed IP for a third party: I will have to make calls to the third party and the requests have to be from a whitelisted IP on their side. – And Row ID Dec 08 '16 at 09:36
  • I haven't used Elastic Beanstalk myself so I would have to check its docs. But from what you said I understand that your EIP attached to one of the instances is not "visible" from outside. Which is exactly as it should be, as you have chosen to deploy your instances into a private subnet. If you have to make a call to a third party, then NAT (as suggested by Dusan Bajic below) is the way to go. Your partner will see all your requests as originating from the NAT EIP, while your instances will not be "visible" from outside. – vbalys Dec 08 '16 at 12:37
  • Thanks, I guess I was too far away from understanding what I was doing. Finally I deployed a single instance apart from my infrastructure; this instance is closed to anyone but one of my servers and the 3rd party server. It's not ideal but I've lost too much time :) Thanks again – And Row ID Dec 08 '16 at 16:00
1

Launch your instances in a private subnet and configure them to use a NAT instance/gateway, with one Elastic IP, for outbound access. Still, this will also add some extra cost.

Dusan Bajic
  • Thanks for the reply. Could you be a little more specific and guide me through the different steps, please? Including the VPC configuration (private/public...). I'm not really familiar with networking so I'm a bit blindfolded right now – And Row ID Dec 07 '16 at 16:35
  • I forgot to say that my actual environment is generated with Elastic Beanstalk – And Row ID Dec 08 '16 at 10:07
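
One way to check, before giving the partner an address to whitelist, that every subnet holding instances really sends outbound traffic through the NAT gateway's single Elastic IP, as the answers above describe. This is an added example, not code from the posts; it assumes data shaped like the output of `aws ec2 describe-route-tables` and `aws ec2 describe-nat-gateways`, and all IDs, addresses and function names are constructed for illustration.

```python
# Constructed data shaped like `aws ec2 describe-route-tables` and
# `describe-nat-gateways` output; IDs and IPs are made up for this example.
ROUTE_TABLES = {"RouteTables": [
    {"RouteTableId": "rtb-private",
     "Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
]}
NAT_GATEWAYS = {"NatGateways": [
    {"NatGatewayId": "nat-example", "State": "available",
     "NatGatewayAddresses": [{"PublicIp": "203.0.113.10"}]},
]}

def egress_by_subnet(route_tables, nat_gateways):
    """Map each explicitly associated subnet to (egress kind, source IPs)."""
    nat_ips = {n["NatGatewayId"]: [a["PublicIp"] for a in n["NatGatewayAddresses"]]
               for n in nat_gateways["NatGateways"] if n["State"] == "available"}
    result = {}
    for table in route_tables["RouteTables"]:
        default = next((r for r in table["Routes"]
                        if r.get("DestinationCidrBlock") == "0.0.0.0/0"), None)
        if default is None:
            egress = ("none", [])
        elif "NatGatewayId" in default:
            # Outbound traffic leaves with the NAT gateway's Elastic IP as source.
            egress = ("nat", nat_ips.get(default["NatGatewayId"], []))
        elif default.get("GatewayId", "").startswith("igw-"):
            # Public subnet: each instance leaves with its own public IP.
            egress = ("internet-gateway", [])
        else:
            egress = ("other", [])
        for assoc in table.get("Associations", []):
            if "SubnetId" in assoc:
                result[assoc["SubnetId"]] = egress
    return result

def allowlist_mismatches(instance_subnets, expected_ip, egress):
    """Return subnets whose outbound source IP is not exactly the shared EIP."""
    return [s for s in instance_subnets
            if egress.get(s) != ("nat", [expected_ip])]

if __name__ == "__main__":
    egress = egress_by_subnet(ROUTE_TABLES, NAT_GATEWAYS)
    print(egress)
    print(allowlist_mismatches(["subnet-private", "subnet-public"], "203.0.113.10", egress))
```

Subnets that rely on the VPC's main route table have no explicit association, so they are absent from the map and are reported as mismatches rather than silently passed.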