I need the static IP to allow access to a firewalled network not on the AWS network.
Is it possible to get a static IP for a load balanced app using Elastic Beanstalk? I'm following the AWS docs regarding using Route 53 to host my app with a domain name, but from what I've read, this does not ensure a static IP because it is essentially using a CNAME allowing the IP behind the scenes to change. Is that the right understanding? Is it possible at all?
Amazon has published a new example especially for you: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/vpc-basic.html
You can deploy an Elastic Beanstalk application in a load balancing, autoscaling environment in a VPC that has both a public and private subnet. Use this configuration if you want Elastic Beanstalk to assign private IP addresses to your Amazon EC2 instances.
Deploy your beanstalk environment in VPC, and with the right configuration, a static IP for outbound traffic is easy.
In this setup, your instances all relay their outbound traffic through a single machine, which you can assign an elastic IP address to. All of the inside-originated, Internet-bound traffic from all of the instances behind it will appear, from the other network, to bw using that single elastic IP.
The RDS portion of the following may be irrelevant to your needs but the principles are all the same.
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/AWSHowTo-vpc-rds.html
This post helped me get a static IP for outgoing requests by using a NAT Gateway, and routing specific requests through it.
I needed this static IP in order to be whitelisted from an external API provider.
I found this way much easier than the provided by AWS, without the need of creating a new VPC and a private and public subnets.
Basically, what I did was:
- Create a new subnet to host the NAT Gateway.
- Create the NAT Gateway in the above subnet, and assign a new Elastic IP. This one will be our outgoing IP for hitting external APIs.
- Create a route table for the NAT subnet. All outbound traffic (
0.0.0.0/0) should be routed through the NAT Gateway. Assign the created subnet to use the new route table. - Modify the main route table (the one that handles all our EC2 instances requests), and add the IP(s) of the external API, setting its target to the NAT Gateway.
This way we can route any request to the external API IPs through the NAT Gateway. All other requests are routed through the default Internet Gateway.
As the posts says, this is not a Multi AZ solution, so if the AZ that holds our NAT Gateway fails, we may lose connection to the external API.
Update:
See @TimObezuk comment to make this a Multi-AZ solution.
来源:https://stackoverflow.com/questions/26390610/static-ip-using-elastic-beanstalk