3

We have a 3rd party integration which needs the EC2 instance IP to be whitelisted. The 3rd party whitelists the IP on their server and then only the EC2 instance can communicate with them. In the case of a single instance this works. However, when auto scaling kicks in, we would end up with more than 1 instance. These new instances automatically get new IPs for every autoscale action. Is it possible for us to ask AWS to assign IPs from, say, a set of 4 predefined Elastic IPs? (Assumption is that autoscaling is restricted to, say, 4 and we have 4 floating EIPs.)

I'm trying to avoid gateway NAT since there is a big cost associated with it.

Any ideas?

prem911

3 Answers

3

With autoscaling it is not directly possible to assign an Elastic IP to autoscaled instances. However, there are a couple of options you can consider.

  • After the instance autoscales, have a boot-up script (e.g. UserData in Linux), written as a command line script with AWS EC2 CLI commands, associate an Elastic IP address you have allocated to your account. Note that you need to handle the health checks accordingly for the transition to happen smoothly.
  • Have a CloudWatch alarm trigger execute a Lambda function which will associate an Elastic IP address with the newly started instance. For this you can use the AWS SDK and code to check for the instance without an EIP and associate an available EIP with it.
Ashan
1

Auto Scaling will not automatically assign an Elastic IP address to an instance.

You could write some code to do this and include it as part of the User Data that is executed when an instance starts. It would:

  • Retrieve a list of Elastic IP addresses
  • Find one that is not currently associated with an EC2 instance
  • Associate it with itself (that is, with the EC2 instance that is running the User Data script)
John Rotenstein
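The three steps listed in this answer, written out as an added example (not code from the answer's author or from AWS). It assumes the allow-listed EIPs carry a hypothetical tag `Pool=partner-allowlist`, that boto3 and a region are configured on the instance, and that the instance role allows only `ec2:DescribeAddresses` and `ec2:AssociateAddress`; the function names are illustrative. It also covers the case where two instances boot at once and reach for the same address.

```python
import urllib.request

POOL_FILTER = [{"Name": "tag:Pool", "Values": ["partner-allowlist"]}]  # assumed tag
IMDS = "http://169.254.169.254/latest"


def free_addresses(addresses):
    """Return pool EIPs with no current association (no AssociationId key)."""
    return [a for a in addresses if not a.get("AssociationId")]


def claim_eip(ec2, instance_id, attempts=3):
    """Associate a free pool EIP with instance_id and return its public IP.

    AllowReassociation=False makes EC2 reject the call if an instance that
    booted at the same moment took the address first, so a racing instance
    never pulls an allow-listed IP away from a healthy peer.
    """
    for _ in range(attempts):
        pool = ec2.describe_addresses(Filters=POOL_FILTER)["Addresses"]
        mine = [a for a in pool if a.get("InstanceId") == instance_id]
        if mine:                      # script re-run: keep what we already hold
            return mine[0]["PublicIp"]
        for addr in free_addresses(pool):
            try:
                ec2.associate_address(AllocationId=addr["AllocationId"],
                                      InstanceId=instance_id,
                                      AllowReassociation=False)
                return addr["PublicIp"]
            except Exception as exc:
                code = getattr(exc, "response", {}).get("Error", {}).get("Code")
                if code != "Resource.AlreadyAssociated":
                    raise             # permission or API error: fail loudly
    raise RuntimeError("no free Elastic IP in pool; instance is not allow-listed")


def current_instance_id():
    """Read this instance's ID from the metadata service using IMDSv2."""
    req = urllib.request.Request(f"{IMDS}/api/token", method="PUT",
        headers={"X-aws-ec2-metadata-token-ttl-seconds": "60"})
    token = urllib.request.urlopen(req, timeout=2).read().decode()
    req = urllib.request.Request(f"{IMDS}/meta-data/instance-id",
        headers={"X-aws-ec2-metadata-token": token})
    return urllib.request.urlopen(req, timeout=2).read().decode()


if __name__ == "__main__":
    import boto3                      # needed on the instance only
    print(claim_eip(boto3.client("ec2"), current_instance_id()))
```

When the pool is exhausted the script exits with an error, so the instance can be failed out of the group instead of calling the third party from an address that is not on their list.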
1

Use a NAT instance. There's only a small cost associated with a t2.nano and you should find that more than adequate for the purpose.

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html

While not as reliable as a NAT Gateway (you're paying for hands-off reliability and virtually infinite scalability), it's unlikely you'll have trouble with a NAT instance unless the underlying hardware fails, and you can help mitigate this by configuring Instance Recovery:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recover.html

Michael - sqlbot