2

Im in need for some opinions. This is a problem Im trying to solve. I need to make requests to an external api, but for security reasons, they whitelist IP addresses. We have multiple AWS ec2 instances, and we don't want to communicate with this external client, every time we change/add ec2 instances. The api calls are pretty basic.

We use nginx for load balancing, but from what I know, request only comes thru it, not out of it, so the IP addresses wont be a single one. What would be a good way to achieve a single IP address to communicate with the external API?

I'm thinking of a microservice on a seperate ec2 instance with an elastic IP address. What are some other ideas?

John Rotenstein
  • 241,921
  • 22
  • 380
  • 470
pipipi1122
  • 91
  • 3

1 Answers1

4

Let's start with this, you dont want to do that as you'll run into a lot of issues in long run. Here is an enterprise approach -

The API is outside of your AWS VPC, so you can leverage NAT Gateway (This can be assigned a single elastic IP address that can be whitelisted). Setup a multi-tier AWS architecture, keep your EC2 instances in private subnet and have a NAT Gateway for internet connectivity. In this case your EC2 instances will have multiple private IP addresses and all traffic will go through NAT Gateway which is highly available, managed by AWS and you can assign an Elastic IP which can be whitelisted

Jay
  • 305
  • 2
  • 9