
Whitelisting an IP address for SMS notification with an AWS Application Load Balancer


I have my frontend & backend application in separate EC2 behind a single Application Load Balancer with different target groups. I need to have a static IP address that can be whitelisted with a 3rd-party notification system.

I need a way to provide a static IP address and allow access to my instances in a case where my EC2 are autoscaled or recreated from a launch template.

Can I get a static IP address to provide to a vendor and will there still be access to my application even when my server autoscales or is replaced?


Solution

  • It sounds like you need an outgoing static IP address, so your EC2 servers can send traffic to an external resource always using that IP address. To do this you have to take the following steps:

    1. Add a NAT Gateway to one of your VPC's public subnets. A public subnet is a subnet with a route to an Internet Gateway in its route table. All of your VPC's subnets are probably public subnets right now.

    2. Assign an Elastic IP to the NAT Gateway when you create it.

    3. Create some private subnets in your VPC. Private subnets are subnets that have a route to the NAT Gateway, instead of the Internet Gateway, in their route table.

    4. Modify your auto-scaling group to deploy your EC2 instances in the private subnets, instead of the public subnets.

    Once you take the above steps, any outgoing network request originating from your EC2 servers will go through the NAT Gateway and appear to external resources as coming from the Elastic IP address.
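A way to check the result of the four steps above, added here as an example and not part of the original answer: it takes data in the shape returned by `describe-route-tables`, `describe-nat-gateways` and the Auto Scaling group's `VPCZoneIdentifier`, and reports which public IP each of the group's subnets sends traffic from. All IDs and the 203.0.113.10 address are constructed sample values.

```python
# Constructed sample data shaped like EC2 Describe* API output (IDs and IP are made up).
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": "subnet-pub-a", "Main": False}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0aaa"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"SubnetId": "subnet-priv-a", "Main": False},
                      {"SubnetId": "subnet-priv-b", "Main": False}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0bbb"}]},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-0bbb", "State": "available",
                 "SubnetId": "subnet-pub-a",
                 "NatGatewayAddresses": [{"PublicIp": "203.0.113.10"}]}]


def default_route(subnet_id, route_tables):
    """Return the 0.0.0.0/0 route that applies to subnet_id, or None."""
    explicit = main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                explicit = rt
            elif assoc.get("Main"):
                main = rt
    table = explicit or main  # subnets without an association use the main table
    if table is None:
        return None
    return next((r for r in table["Routes"]
                 if r.get("DestinationCidrBlock") == "0.0.0.0/0"), None)


def egress_ips(vpc_zone_identifier, route_tables, nat_gateways):
    """Map each ASG subnet to its NAT egress IPs, or to a problem string."""
    nat_ips = {n["NatGatewayId"]: [a["PublicIp"] for a in n["NatGatewayAddresses"]
                                   if "PublicIp" in a]
               for n in nat_gateways if n["State"] == "available"}
    result = {}
    for subnet in (s.strip() for s in vpc_zone_identifier.split(",")):
        route = default_route(subnet, route_tables) or {}
        if route.get("NatGatewayId") in nat_ips:
            result[subnet] = nat_ips[route["NatGatewayId"]]
        elif route.get("GatewayId", "").startswith("igw-"):
            result[subnet] = "public subnet: egress uses per-instance IPs"
        else:
            result[subnet] = "no usable default route"
    return result
```

Every subnet of the Auto Scaling group should map to the same Elastic IP list; a subnet reported as public means instances launched there will not appear to the vendor as coming from the whitelisted address.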