1

I have an application hosted on an EC2 instance in public subnet. To integrate this app with a partner we need to whitelist public IP address of the EC2 instance on partner's firewall.

I want to configure auto-scaling of the application in such a way that outgoing traffic for my application's EC2 instances should be from same single IP address that only needs to be whitelisted on partner's end.

For a private subnet, I know that a NAT Gateway is a solution.

But for instances in a Public Subnet, how this can be achieved? any solution/suggestions will be highly appreciated.

John Rotenstein
  • 241,921
  • 22
  • 380
  • 470
Vansh Kumar Madan
  • 15
  • 3

1 Answers1

1

All traffic from the instances will need to be redirected to send via a single resource, such as a proxy or a Gateway.

The simplest solution is as you stated -- configure the subnet to route all Internet-bound traffic to a NAT Gateway or a NAT Instance. All traffic from that instance will then come from a single IP address.

However, configuring the subnet in this way will mean that it is no longer a "public subnet", since a public subnet has Internet-bound traffic sent through an Internet Gateway rather than a NAT. So, it's actually the same as using a private subnet as you suggested in your question.

The only way to do it in a Public Subnet would be to specifically configure your apps to send requests via a proxy server, which would act in a similar way to a NAT Gateway/Instance.

John Rotenstein
  • 241,921
  • 22
  • 380
  • 470