
Multiple EC2 instances in a public subnet should have the same IP address for outgoing traffic


I have an application hosted on an EC2 instance in a public subnet. To integrate this app with a partner, we need to whitelist the public IP address of the EC2 instance on the partner's firewall.

I want to configure auto-scaling of the application in such a way that outgoing traffic from my application's EC2 instances comes from the same single IP address, so that only that one address needs to be whitelisted on the partner's end.

For a private subnet, I know that a NAT Gateway is a solution.

But for instances in a public subnet, how can this be achieved? Any solutions/suggestions will be highly appreciated.


Solution

  • All traffic from the instances will need to be redirected to send via a single resource, such as a proxy or a Gateway.

    The simplest solution is as you stated -- configure the subnet to route all Internet-bound traffic to a NAT Gateway or a NAT Instance. All traffic from that instance will then come from a single IP address.

    However, configuring the subnet in this way will mean that it is no longer a "public subnet", since a public subnet has Internet-bound traffic sent through an Internet Gateway rather than a NAT. So, it's actually the same as using a private subnet as you suggested in your question.

    The only way to do it in a Public Subnet would be to specifically configure your apps to send requests via a proxy server, which would act in a similar way to a NAT Gateway/Instance.
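A check that follows from this answer, added here and not part of the original thread: given route-table data in the shape that `aws ec2 describe-route-tables` returns, classify each subnet by the target of its 0.0.0.0/0 route to confirm that the application subnets egress through one NAT gateway, and therefore one Elastic IP, before that address is handed to the partner. The sample route tables, NAT gateway and IDs below are constructed placeholders.

```python
# Constructed sample shaped like `aws ec2 describe-route-tables` output, trimmed
# to the fields used here; the IDs are placeholders, not real resources.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public-EXAMPLE",
     "Associations": [{"SubnetId": "subnet-public-EXAMPLE"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE"}]},
    {"RouteTableId": "rtb-private-EXAMPLE",
     "Associations": [{"SubnetId": "subnet-app-a-EXAMPLE"},
                      {"SubnetId": "subnet-app-b-EXAMPLE"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE"}]},
]
# Constructed: `aws ec2 describe-nat-gateways` reports each NAT's Elastic IP.
NAT_GATEWAYS = {"nat-EXAMPLE": "203.0.113.10"}   # documentation address range


def default_route_target(route_table):
    """Target of the 0.0.0.0/0 route (igw-*, nat-*, i-* ...) or None if absent."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return (route.get("NatGatewayId") or route.get("GatewayId")
                    or route.get("InstanceId"))
    return None


def egress_by_subnet(route_tables, nat_gateways):
    """Map subnet -> (kind, fixed egress IP or None).
    'public': default route is an Internet Gateway, so every instance reaches
    the partner from its own public IP and autoscaled instances break the
    allowlist.  'nat': all egress is SNATed to the NAT gateway's Elastic IP.
    """
    result = {}
    for rtb in route_tables:
        target = default_route_target(rtb)
        if target is None:
            kind, ip = "isolated", None
        elif target.startswith("igw-"):
            kind, ip = "public", None
        elif target.startswith("nat-"):
            kind, ip = "nat", nat_gateways.get(target)
        else:
            kind, ip = "other", None   # NAT instance or proxy: verify by hand
        for assoc in rtb.get("Associations", []):
            if "SubnetId" in assoc:
                result[assoc["SubnetId"]] = (kind, ip)
    return result


def allowlist_candidates(route_tables, nat_gateways):
    """Fixed egress IPs the partner needs to allow; public subnets add none."""
    return {ip for _, ip in egress_by_subnet(route_tables, nat_gateways).values() if ip}
```

Run it against real output by loading the JSON from the two CLI commands in place of the constructed dictionaries; a subnet reported as `public` is one whose instances will not share the NAT gateway's address.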