Create and Secure AWS EB Application with multiple Environments

Question

Now

I've developed an application that works on top a set of services that are collecting and elaborating data collected from the Internet (app_one, app_two, app_three) and then I have a core App that merges and visualizes that information (app_core).

This project is based on top of AWS Elastic Beanstalk, having for each App its own git. To handle the connection between Apps I've (insecurely) mapped each service with a subdomain.

What I would like to do

I will love to move development of this project inside a VPC and secure the interfaces between the REST Flask Apps (one,two,three) and the Core App.

My questions

1) How I can avoid to give a public ip to my eb-enviroment? Every time I run:

eb create myenvname --instance_type t2.XXX

it automatically set up a public IP. Can I move it inside the VPS behind and Internet Gateway?

2) If there is a way to securely move those services behind the gateway, how can I address HTTP requests between those Apps? I don't have subdomains here internally, Should I need to use the private IP's(I don't think so)? There is a way to privately address those services? like in Docker refer to the single docker as " app_one/ ".

I'm sorry if those questions could sound naive, but I have got a background in a completely other area of interest

thanks a lot

Edit

I add project folder structure:

--+/MyAPP 
  |
  |---+/app_one     # single env folder
  |   ...
  |
  |---+/app_two .   # single env folder
  |   ...
  |
  |---+/app_three   # single env folder
  |   ...
  |
  |---+/app_core    # single env folder
      |--/env       # virtual env 
      |--+/app_core # flask application
         |--/lib
         |--+/.elasticbeanstalk # eb folder
         |  |--config.yml
         |--application.py
         |--requirements.txt

Answer 1

You have to launch your apps either into a private subnet or set the configration flag AssociatePublicIpAddress = false.

How to set that flag?

Configuration Files

Use .ebextensions to configure options that are required to make your application work, and provide default values for other options that can be overridden at a higher level of precedence. Options specified in .ebextensions have the lowest level of precedence and are overridden by settings at any other level.

To use configuration files, create a folder named .ebextensions at the top level of your project's source code. Add a file with the extension .config and specify options in the following manner:

option_settings:
    - namespace:  namespace
      option_name:  option name
      value:  option value
    - namespace:  namespace
      option_name:  option name
      value:  option value

Set the flag AssociatePublicIpAddress = false

.ebextensions/app.config

option_settings:
  - namespace:  aws:ec2:vpc
    option_name:  AssociatePublicIpAddress
    value:  false

How to set the Subnet

.ebextensions/app.config

option_settings:
  - namespace:  aws:ec2:vpc
    option_name:  VPCId
    value:  vpc-4545121
  - namespace:  aws:ec2:vpc
    option_name:  Subnets
    value:  sub-45455565

+ Resources

• Configuration Options
• General Options for All Environments
• Advanced Environment Customization with Configuration Files .ebextensions
• Getting to Know and Love AWS Elastic Beanstalk Configuration Files .ebextensions

Hope it helps!