1

Now

I've developed an application that works on top a set of services that are collecting and elaborating data collected from the Internet (app_one, app_two, app_three) and then I have a core App that merges and visualizes that information (app_core). enter image description here This project is based on top of AWS Elastic Beanstalk, having for each App its own git. To handle the connection between Apps I've (insecurely) mapped each service with a subdomain.

What I would like to do

I will love to move development of this project inside a VPC and secure the interfaces between the REST Flask Apps (one,two,three) and the Core App.

enter image description here

My questions

1) How I can avoid to give a public ip to my eb-enviroment? Every time I run:

eb create myenvname --instance_type t2.XXX

it automatically set up a public IP. Can I move it inside the VPS behind and Internet Gateway?

2) If there is a way to securely move those services behind the gateway, how can I address HTTP requests between those Apps? I don't have subdomains here internally, Should I need to use the private IP's(I don't think so)? There is a way to privately address those services? like in Docker refer to the single docker as " app_one/ ".

I'm sorry if those questions could sound naive, but I have got a background in a completely other area of interest

thanks a lot

Edit

I add project folder structure:

--+/MyAPP 
  |
  |---+/app_one     # single env folder
  |   ...
  |
  |---+/app_two .   # single env folder
  |   ...
  |
  |---+/app_three   # single env folder
  |   ...
  |
  |---+/app_core    # single env folder
      |--/env       # virtual env 
      |--+/app_core # flask application
         |--/lib
         |--+/.elasticbeanstalk # eb folder
         |  |--config.yml
         |--application.py
         |--requirements.txt
entalpia
  • 101
  • 1
  • 11

1 Answers1

1

You have to launch your apps either into a private subnet or set the configration flag AssociatePublicIpAddress = false.

How to set that flag?

Configuration Files

Use .ebextensions to configure options that are required to make your application work, and provide default values for other options that can be overridden at a higher level of precedence. Options specified in .ebextensions have the lowest level of precedence and are overridden by settings at any other level.

To use configuration files, create a folder named .ebextensions at the top level of your project's source code. Add a file with the extension .config and specify options in the following manner:

option_settings:
    - namespace:  namespace
      option_name:  option name
      value:  option value
    - namespace:  namespace
      option_name:  option name
      value:  option value

Set the flag AssociatePublicIpAddress = false

.ebextensions/app.config

option_settings:
  - namespace:  aws:ec2:vpc
    option_name:  AssociatePublicIpAddress
    value:  false

How to set the Subnet

.ebextensions/app.config

option_settings:
  - namespace:  aws:ec2:vpc
    option_name:  VPCId
    value:  vpc-4545121
  - namespace:  aws:ec2:vpc
    option_name:  Subnets
    value:  sub-45455565

+ Resources

Hope it helps!

Community
  • 1
  • 1
Ele
  • 33,468
  • 7
  • 37
  • 75
  • 1
    thank you for the answer, I will try to mess up a little bit with the information you gave me. I've edited the post with the folder structure. Where I should add the .ebextensions/app.config? thanks again – entalpia Jan 17 '18 at 19:10
  • Where to add the configuration: https://medium.com/trisfera/getting-to-know-and-love-aws-elastic-beanstalk-configuration-files-ebextensions-9a4502a26e3c That link will help a lot! – Ele Jan 17 '18 at 19:16
  • Wow! I've to study a lot. Thank you for all the hints. I let you know – entalpia Jan 17 '18 at 19:30
  • I've found also this, https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/ebcli-compose.html. I'm still having issue understand how to address http request between resources. Where I should set the name of the resouce? In the config.yml? – entalpia Jan 18 '18 at 09:48