
I have a VPC with several instances;

These need to be reachable from one another via public URLs, i.e. one instance, say

mysub1.mydomain.com

should be able to access

mysub2.mydomain.com

and vice versa;

My only way for the moment to go about this is:

a) allocate an Elastic IP to each one (so that they do not change)

b) add explicit allow rules in the respective security group so that the above requests are possible;

Since I am short on Elastic IPs, is there another way to go about this case, given that the instance number is expected to grow?

I can place those instances behind ELB or ALB if that solves the problem somehow;

edit: Could the usage of a NAT Gateway with a twist (one that actually allows both incoming and outgoing traffic to/from my instances) be the solution to save IP addresses? But how can this be combined with a load balancer (either ELB or ALB) that I have to use for some requirements?

pkaramol

2 Answers


If your requirement is merely that they communicate locally within the VPC and reach each other via their DNS names, you should be able to create a Private Hosted Zone for Amazon VPC in Amazon Route 53.

Add entries for each instance pointing to its private IP address. This way, the DNS name will resolve within the VPC to the private IP address rather than a public address. Traffic will flow within the VPC, without going out to the Internet. This also would not require any public IP addresses to be allocated.

If you also need the DNS names to resolve on the Internet (outside the VPC), you do not necessarily need to use Elastic IP addresses. Each Amazon EC2 instance can request a public IP address when the instance is created. You can point the public DNS names to this address. However, please note that the public IP address might change if the instance is stopped and started (whereas Elastic IP addresses will not change).

John Rotenstein
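
The private hosted zone described in this answer, written out as an added Terraform example (this is not code from the answer or from AWS; the region, VPC ID and instance IDs are assumed placeholders). Each instance gets an A record in a zone that is only visible from inside the VPC, so `mysub1.mydomain.com` resolves to a private IP for callers in the VPC and no Elastic IP is consumed:

```hcl
# Added example, not code from the original answer.
# Assumed placeholders: region, vpc_id and the instance IDs in var.instances.
provider "aws" {
  region = "eu-west-1" # assumed
}

variable "vpc_id" {
  type    = string
  default = "vpc-0123456789abcdef0" # assumed placeholder
}

# Hostname label => EC2 instance ID. Adding an instance is one more map entry;
# no Elastic IP and no per-IP security-group rule is needed.
variable "instances" {
  type = map(string)
  default = {
    mysub1 = "i-0aaaaaaaaaaaaaaa1" # assumed placeholder
    mysub2 = "i-0bbbbbbbbbbbbbbb2" # assumed placeholder
  }
}

# Look up each instance so its current private IP can be used in DNS.
data "aws_instance" "node" {
  for_each    = var.instances
  instance_id = each.value
}

# A private hosted zone: associating it with the VPC is what makes it private.
# Resolvers inside this VPC will prefer it over the public mydomain.com zone
# (split-horizon), so the same names can have different public answers.
resource "aws_route53_zone" "private" {
  name = "mydomain.com"

  vpc {
    vpc_id = var.vpc_id
  }
}

# One A record per instance, pointing at the private address only.
resource "aws_route53_record" "node" {
  for_each = var.instances

  zone_id = aws_route53_zone.private.zone_id
  name    = "${each.key}.mydomain.com"
  type    = "A"
  ttl     = 60
  records = [data.aws_instance.node[each.key].private_ip]
}

output "private_records" {
  value = { for k, r in aws_route53_record.node : r.fqdn => r.records }
}
```

Two checks worth doing after `terraform apply`: the VPC must have DNS resolution and DNS hostnames enabled (`enableDnsSupport` and `enableDnsHostnames`), or the private zone is ignored by the VPC resolver; and `dig +short mysub2.mydomain.com` run on `mysub1` should return a private (for example 10.x) address while the same query from outside the VPC returns whatever the public zone says, which is how you confirm traffic stays inside the VPC. Because the records hold private IPs, the matching security-group rules can allow the VPC CIDR or, better, a source security group instead of individual public addresses.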

Ideally, you should create a VPC with public and private subnets (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html) and place your instances (unless specific needs) in private subnets.

You will then configure external and internal load balancers and DNS for communication so that you don't need to rely on public IPs and you can scale your application (you can use either classic or application load balancers depending on your needs).

You can set up public and private DNS zones on route53 (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zones-private.html) so that you can resolve certain endpoints just from inside the VPC.

You can then even improve security by creating "security-group to security-group" rules or restricting inbound traffic to specific subnets.

Gabriel
  • So more or less I need 2 load balancers (1 internal + 1 internet-facing) and 2 hosted zones (1 public + 1 private) so that I route/allow the internal traffic (without the need for public IP addresses) as well as the external traffic? – pkaramol Jul 23 '18 at 12:47
  • Yes, that's in general how most of the infrastructures I've worked with look. The first rule is to never expose something to the internet unless it is strictly needed. – Gabriel Jul 27 '18 at 14:43
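
The internal-load-balancer half of the design in this answer and its comments, as an added Terraform example (not code from the answer, from the commenters or from AWS). It assumes the VPC, two private subnets, a private hosted zone, the backend instance IDs and an ACM certificate already exist; all of those IDs are placeholders. The point it shows that the prose does not is the security-group-to-security-group chain: callers carry `app-client`, only `app-client` may reach the internal ALB, and only the ALB may reach the backends, so growing the fleet never adds an IP-based rule:

```hcl
# Added example, not code from the original answer. Assumed placeholders:
# VPC, subnet and instance IDs, the private zone ID and the ACM certificate ARN.
variable "vpc_id"          { default = "vpc-0123456789abcdef0" }
variable "private_subnets" { default = ["subnet-0aaaaaaaaaaaaaaa1", "subnet-0bbbbbbbbbbbbbbb2"] }
variable "private_zone_id" { default = "Z0123456789EXAMPLE" }

# Three groups and no CIDR allow-lists: group membership, not address, grants access.
resource "aws_security_group" "app_client" {
  name   = "app-client"
  vpc_id = var.vpc_id
}

resource "aws_security_group" "internal_alb" {
  name   = "internal-alb"
  vpc_id = var.vpc_id
}

resource "aws_security_group" "backend" {
  name   = "backend"
  vpc_id = var.vpc_id
}

# Terraform strips the default allow-all egress, so both directions are explicit.
resource "aws_security_group_rule" "client_to_alb" {
  type                     = "egress"
  security_group_id        = aws_security_group.app_client.id
  from_port                = 443
  to_port                  = 443
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.internal_alb.id
}

resource "aws_security_group_rule" "alb_from_client" {
  type                     = "ingress"
  security_group_id        = aws_security_group.internal_alb.id
  from_port                = 443
  to_port                  = 443
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.app_client.id
}

resource "aws_security_group_rule" "alb_to_backend" {
  type                     = "egress"
  security_group_id        = aws_security_group.internal_alb.id
  from_port                = 8080
  to_port                  = 8080
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.backend.id
}

resource "aws_security_group_rule" "backend_from_alb" {
  type                     = "ingress"
  security_group_id        = aws_security_group.backend.id
  from_port                = 8080
  to_port                  = 8080
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.internal_alb.id
}

# Internal ALB: it gets private addresses in the private subnets, nothing public.
resource "aws_lb" "internal" {
  name               = "internal-app"
  internal           = true
  load_balancer_type = "application"
  subnets            = var.private_subnets
  security_groups    = [aws_security_group.internal_alb.id]
}

resource "aws_lb_target_group" "backend" {
  name     = "backend"
  port     = 8080
  protocol = "HTTP"
  vpc_id   = var.vpc_id
}

resource "aws_lb_target_group_attachment" "backend" {
  for_each         = toset(["i-0aaaaaaaaaaaaaaa1", "i-0bbbbbbbbbbbbbbb2"]) # assumed IDs
  target_group_arn = aws_lb_target_group.backend.arn
  target_id        = each.value
  port             = 8080
}

resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.internal.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = "arn:aws:acm:eu-west-1:123456789012:certificate/example" # assumed

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.backend.arn
  }
}

# In the private zone, mysub2.mydomain.com is an alias for the internal ALB.
resource "aws_route53_record" "mysub2" {
  zone_id = var.private_zone_id
  name    = "mysub2.mydomain.com"
  type    = "A"

  alias {
    name                   = aws_lb.internal.dns_name
    zone_id                = aws_lb.internal.zone_id
    evaluate_target_health = true
  }
}
```

Attach both `backend` and `app-client` to the instances so that `mysub1` can call `mysub2` through the ALB and vice versa. The internet-facing ALB for external callers is the same shape with `internal = false`, public subnets and its own security group, and its alias record goes in the public hosted zone under the identical name; from inside the VPC the private zone wins, so `dig +short mysub2.mydomain.com` on an instance returns the internal ALB's private addresses and the request never leaves the VPC, while from the internet it resolves to the public ALB. A quick negative check: an instance without the `app-client` group should get a connection timeout to port 443 of the internal ALB, which confirms the access is granted by group membership rather than by address.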