One of my instances in a private subnet in a VPC in AWS is making requests to an API (to fetch some metadata). The API provider is asking for an IP address to whitelist.

I'm not sure which IP address I should be providing, since the instance is part of an auto scaling group. It does have an ENI IP; however, I'm not sure if that's the IP which they would need to whitelist. Could it be the NAT gateway IP (since the instances use a NAT gateway to connect to the internet)?

deosha
Sameervb

3 Answers

So you have an instance in a private subnet and also in an auto scaling group, which needs to be whitelisted. What you can do is attach a NAT Gateway to the private subnet. This NAT gateway will have a public elastic IP which you can whitelist from the API side.

deosha
  • To clarify: The NAT Gateway should be launched in the Public Subnet. Then, configure the Route Table of the Private Subnet to direct Internet-bound traffic to the NAT Gateway. The NAT Gateway will use an Elastic IP address, which is a static address that can be used in the whitelist. All requests from instances in the Private Subnet will "appear" to be coming from this IP address. – John Rotenstein Jun 20 '19 at 11:56
  • Ya, the NAT gateway should be in the public subnet while attached to the private subnet through the route table. The AWS documentation attached explains it though. – deosha Jun 20 '19 at 12:02
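The route-table walk John Rotenstein describes above (subnet → route table → 0.0.0.0/0 route → NAT gateway → Elastic IP), as an added example that is not part of the thread: it resolves the source address an API provider will see, using data shaped like the EC2 API responses (real input would come from boto3's describe_instances, describe_route_tables and describe_nat_gateways; all IDs and addresses here are constructed placeholders), and it also distinguishes the case where an instance egresses through an internet gateway with its own, non-stable public IP.

```python
# Added example (not from the original thread): walk AWS-API-shaped data to find the
# source address an API provider will see. Real input would come from boto3's
# describe_instances / describe_route_tables / describe_nat_gateways; IDs here are placeholders.

def route_table_for_subnet(route_tables, subnet_id):
    """Explicit subnet association wins; otherwise the VPC main route table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def egress_public_ip(instance, route_tables, nat_gateways):
    """Return (kind, ip): 'nat' = NAT gateway Elastic IP (stable, whitelist this),
    'own' = instance's own public IP via IGW (changes on Auto Scaling replacement),
    'none' = no default route to the internet."""
    rt = route_table_for_subnet(route_tables, instance["SubnetId"])
    for route in (rt or {}).get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if "NatGatewayId" in route:
            natgw = next((n for n in nat_gateways if n["NatGatewayId"] == route["NatGatewayId"]
                          and n.get("State") == "available"), None)
            # A deleted/failed NAT gateway leaves the subnet with no working egress
            return ("nat", natgw["NatGatewayAddresses"][0]["PublicIp"]) if natgw else ("none", None)
        if str(route.get("GatewayId", "")).startswith("igw-"):
            ip = instance.get("PublicIpAddress")
            return ("own", ip) if ip else ("none", None)
    return ("none", None)


# Constructed sample data (placeholder IDs, documentation-range addresses).
INSTANCE = {"InstanceId": "i-PLACEHOLDER", "SubnetId": "subnet-private1"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-private1"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-PLACEHOLDER"}]},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-PLACEHOLDER", "State": "available", "SubnetId": "subnet-public1",
                 "NatGatewayAddresses": [{"PublicIp": "203.0.113.10"}]}]

if __name__ == "__main__":
    print(egress_public_ip(INSTANCE, ROUTE_TABLES, NAT_GATEWAYS))  # ('nat', '203.0.113.10')
```

Because the NAT gateway's Elastic IP is the only stable value in this chain, it is also the one to re-check after any route-table or NAT gateway change, since the provider's whitelist will silently stop matching otherwise.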
Private subnets are not meant to have a public IP address; assigning a public address would nullify the benefit that you would like to get from a private subnet.

However, many users above suggested the correct option. Having a NAT gateway (with an elastic IP address) and then configuring the private routing table with the NAT gateway would allow the internet traffic (from the allowed IP address configured in the private routing table). Since all outgoing traffic would be going through the NAT gateway, you can use the elastic IP address attached to the NAT gateway to get whitelisted by the API provider.

Ravi
You mean to say your VPC has a private subnet and a public subnet. Your EC2 instances are in the private subnet and you want to whitelist the IP address of those EC2 instances. You can't have public IP addresses for EC2 in a private subnet. If you have a private and public subnet architecture then you should set up an ELB in the public subnet and attach it to the auto scaling group of EC2 instances in the private subnet.

Check the link about auto scaling groups.

The NAT gateway has a different purpose; you can't share the NAT IP for whitelisting. Refer to the link to see how an Auto Scaling group is created and how an ELB is attached to it.

You should share the ELB IP address with the provider for whitelisting.

Ajit More
    You can always share the NAT IP for whitelisting. Refer to https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html. You use an ELB for inbound requests; the OP is talking about OUTBOUND requests. Also, the ELB IP is not static, only the DNS is. – deosha Jun 20 '19 at 09:53