Static IP Address for AWS Auto Scale

I need all my instances in the AWS autoscale group to be configured with (known) static IP addresses. I will be whitelisting all these IP addresses on the mail server later (which is why they need to be static). Is it possible to do this using the usual cloud method? Can I attach a second network adapter and assign it an IP from the static IP range? Any ideas?

+5
3 answers

Unfortunately, you cannot assign a custom IP range to your Auto Scaling group.

You can get the IP ranges for the region you work in and whitelist all the IP addresses from that region, but that will not exclude instances belonging to other AWS accounts. You can get those ranges here.

You can configure static IPs in AWS; they are called Elastic IPs. An Elastic IP address stays with the instance across stop/start. Elastic IP addresses are also "elastic" because they can be detached from one network interface or instance and attached to another.

Unfortunately, there is no way for Auto Scaling to automatically assign an Elastic IP address to newly launched instances. You need to write a script that runs when a new instance starts. You can run this script using EC2 user data.

The script can use the CLI or an SDK. It will need to allocate a new Elastic IP address in your account and then associate that Elastic IP with the instance.

Alternatively, you can use Lambda to run a script that does the same thing, but in response to an Auto Scaling event.

Other problems you may run into:

  • By default, your account can only have 5 Elastic IPs. You will need to request a limit increase to get more, and this can be a problem.
  • What happens when an instance in the ASG is terminated? Its Elastic IP becomes disassociated, and you will be charged for a disassociated Elastic IP. You can always write a Lambda function that fires in response to Auto Scaling events and releases any disassociated Elastic IPs, but that's even more overhead.

Unfortunately, there is no good solution to this problem. The easiest way is to whitelist all the Amazon IPs for the region, but you will still have security issues.

EDIT: You can also create a proxy instance. Configure all instances in your ASG to send their traffic through the proxy instance. You can then give the proxy instance an Elastic IP and allow that address in your firewalls.

The only potential problem is overloading your proxy server. You need to make sure that the instance type you use for it can handle your ASG running at its maximum size.

+4
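As a worked example of the Lambda-driven approach described in the answer above (added here, not part of the original answer or of any AWS sample): a handler for the EventBridge event "EC2 Instance Launch Successful" that Auto Scaling emits. Instead of allocating a fresh Elastic IP for every launch, it draws from a fixed, tagged pool, so the address set whitelisted on the mail server never changes, disassociated addresses from terminated instances get reused rather than piling up, and the handler refuses to grow past the pool size instead of failing unexpectedly on the account's Elastic IP limit. The tag key/value (`EipPool` / `asg-mail-egress`), the pool size, and the `FakeEc2` in-memory stand-in for boto3's EC2 client are assumptions made for this example; with a real `boto3.client("ec2")` and an execution role allowed to describe, allocate and associate addresses, the same functions apply unchanged.

```python
"""Hand out Elastic IPs from a fixed, tagged pool as an Auto Scaling group
launches instances.  Added example, not from the original page.

FakeEc2 is a constructed in-memory stand-in for boto3's EC2 client so the
example runs offline; the pool tag and size below are assumptions.
"""

POOL_TAG_KEY = "EipPool"            # assumed tag convention for the pool
POOL_TAG_VALUE = "asg-mail-egress"  # assumed tag value
POOL_SIZE = 5                       # matches the default per-region EIP limit


class PoolExhausted(RuntimeError):
    """Every pooled Elastic IP is associated and the pool is at capacity."""


def pooled_addresses(ec2):
    """All Elastic IPs carrying the pool tag (boto3 describe_addresses shape)."""
    resp = ec2.describe_addresses(
        Filters=[{"Name": f"tag:{POOL_TAG_KEY}", "Values": [POOL_TAG_VALUE]}])
    return resp["Addresses"]


def assign_pooled_eip(ec2, instance_id):
    """Associate a pooled Elastic IP with instance_id and return its public IP.

    Free (disassociated) pool members are reused first.  A new address is
    allocated, and tagged into the pool, only while the pool is below
    POOL_SIZE; past that, PoolExhausted is raised rather than allocating
    blindly and tripping over the account limit.
    """
    addresses = pooled_addresses(ec2)
    free = [a for a in addresses if "AssociationId" not in a]
    if free:
        chosen = free[0]
    elif len(addresses) < POOL_SIZE:
        chosen = ec2.allocate_address(
            Domain="vpc",
            TagSpecifications=[{
                "ResourceType": "elastic-ip",
                "Tags": [{"Key": POOL_TAG_KEY, "Value": POOL_TAG_VALUE}],
            }])
    else:
        raise PoolExhausted(f"all {len(addresses)} pooled Elastic IPs are in use")
    ec2.associate_address(InstanceId=instance_id,
                          AllocationId=chosen["AllocationId"])
    return chosen["PublicIp"]


def lambda_handler(event, context=None, ec2=None):
    """EventBridge entry point: returns the IP assigned, or None for any event
    other than a successful launch.  Pass ec2 to inject a client; inside
    Lambda a real boto3 client is created."""
    if event.get("detail-type") != "EC2 Instance Launch Successful":
        return None
    if ec2 is None:
        import boto3
        ec2 = boto3.client("ec2")
    return assign_pooled_eip(ec2, event["detail"]["EC2InstanceId"])


class FakeEc2:
    """Constructed in-memory stand-in for the few EC2 calls used above."""

    def __init__(self):
        self.addresses = []
        self._count = 0

    def describe_addresses(self, Filters):
        key, want = Filters[0]["Name"][len("tag:"):], Filters[0]["Values"]
        hits = [a for a in self.addresses
                if any(t["Key"] == key and t["Value"] in want for t in a["Tags"])]
        return {"Addresses": [dict(a) for a in hits]}

    def allocate_address(self, Domain, TagSpecifications):
        self._count += 1
        addr = {"AllocationId": f"eipalloc-{self._count:08x}",
                "PublicIp": f"203.0.113.{self._count}",  # TEST-NET-3 documentation range
                "Domain": Domain,
                "Tags": list(TagSpecifications[0]["Tags"])}
        self.addresses.append(addr)
        return dict(addr)

    def associate_address(self, InstanceId, AllocationId):
        addr = next(a for a in self.addresses if a["AllocationId"] == AllocationId)
        addr["InstanceId"] = InstanceId
        addr["AssociationId"] = "eipassoc-" + AllocationId.split("-")[1]
        return {"AssociationId": addr["AssociationId"]}

    def terminate_instance(self, InstanceId):
        """Terminating an instance disassociates its EIP but does not release it."""
        for a in self.addresses:
            if a.get("InstanceId") == InstanceId:
                del a["InstanceId"], a["AssociationId"]


def launch_event(instance_id):
    """Minimal constructed EventBridge event in the Auto Scaling shape."""
    return {"detail-type": "EC2 Instance Launch Successful",
            "detail": {"EC2InstanceId": instance_id}}


if __name__ == "__main__":
    ec2 = FakeEc2()
    print(lambda_handler(launch_event("i-0a"), ec2=ec2))  # allocates 203.0.113.1
    print(lambda_handler(launch_event("i-0b"), ec2=ec2))  # allocates 203.0.113.2
    ec2.terminate_instance("i-0a")
    print(lambda_handler(launch_event("i-0c"), ec2=ec2))  # reuses 203.0.113.1
```

Because the pool is never released on terminate, the mail server whitelist is exactly the five pooled addresses and stays valid across scale-in and scale-out; the price is that idle pool members are still billed, which is the trade-off the answer points out.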

Looks like what you're looking for is an Elastic IP.

An Elastic IP address is a static IP address designed for dynamic cloud computing. With an Elastic IP address, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account. Your Elastic IP address is associated with your AWS account, not a particular instance, and it remains associated with your account until you choose to explicitly release it.

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html

+2

We achieved this by assigning static IP addresses using CloudFormation, with the IPs selected from the VPC subnet.

+1

Source: https://habr.com/ru/post/1235807/
