2

When I use Network Load Balancer with Auto Scaling, every time an instance is spawned it gets a new public IP. I would like to have an EIP for each instance. I was hoping that assigning an EIP to availability zones in the Network Load Balancer configuration would do the trick. Is there a way to have autoscale and static IPs for the instances spawned?

https://aws.amazon.com/blogs/aws/new-network-load-balancer-effortless-scaling-to-millions-of-requests-per-second/

According to this, it looks like it's not possible:

Unfortunately, there is no way to make autoscaling automatically assign an Elastic IP address to newly launched instances

Static IP for Auto Scale in AWS

and according to this:

Assigning static IPs to auto scaled EC2 instance

Spiff
  • 1
    So you want all your instances to have the same elastic IP as the load balancer? Or you want AWS to somehow magically know that you want to pull from your pool of elastic IPs for each instance just because you assigned an elastic IP to the load balancer? I'm confused about what you are trying to do here. If the instances are behind a load balancer why do you care what the individual instance IP addresses are? – Mark B Jul 28 '18 at 16:39
  • 2
    You don't connect to your instances in an autoscaling group. Rethink why you need EIP addresses for them. If you need to change something on an instance, you modify your test instance, create a new AMI and redeploy your autoscaling group. ASG can terminate an instance at any time even if you are connected to it. Also, you do not want your instances behind the load balancer to have public IP addresses. Otherwise bad actors will just go around your load balancer to attack. – John Hanley Jul 28 '18 at 20:36
  • Thanks. The instances need to have an EIP because they connect to a third party software and they need to be white listed. If the IP changes obviously no whitelisting can take place. My question looks like a duplicate of the SO questions I linked it with. – Spiff Jul 29 '18 at 08:26
  • @JohnHanley Regarding your comment about public IPs of instances behind a load balancer: A SG on the instance that would allow traffic only from the LB would fix this? – Spiff Jul 29 '18 at 08:48
  • 1
    Yes, a SG can control the traffic coming into the EC2 instances. Another option is to have your instances in a private subnet and then white list the EIP address of the NAT Gateway. – John Hanley Jul 29 '18 at 15:40

4 Answers

1

Write a script and put it in the startup script in the launch configuration for your Auto Scaling group. That script can do anything you want, ranging from assigning the new EIP to checking other services for the white/blacklist. For more info read https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html

Reza Mousavi
1

As others have mentioned, this can be accomplished by provisioning a new EIP and using UserData to associate the instance with the newly issued EIP. However, this setup would have the following issues:

1) EIPs have limits; by default it's 5 per VPC, and even if you can increase the limit, you need to know the maximum number of EIPs your VPC will use

2) When an instance gets terminated you will need to create a process to delete stale EIPs or figure out how to reassociate previously allocated EIPs

Having said that, I do use a static EIP in my ASG, but it's only for HA rather than scalability, so in the following example I'm reusing an existing EIP each time I launch a new instance:

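    #!/bin/bash -xe
    # CloudFormation Fn::Sub template: ${OpenPVNEIP.AllocationId} and ${AWS::Region} are
    # filled in by CloudFormation; ${!VAR} is left in place as the shell variable ${VAR}.
    INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
    # disassociate-address expects an association ID (eipassoc-...), so look it up from the allocation ID
    ASSOCIATION_ID=$(aws ec2 describe-addresses --allocation-ids ${OpenPVNEIP.AllocationId} --region ${AWS::Region} --query 'Addresses[0].AssociationId' --output text || true)
    aws ec2 disassociate-address --association-id "${!ASSOCIATION_ID}" --region ${AWS::Region} || true
    aws ec2 associate-address --instance-id "${!INSTANCE_ID}" --allocation-id ${OpenPVNEIP.AllocationId} --region ${AWS::Region}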
b.b3rn4rd
0

I created a Lambda inside a private subnet. I linked the private subnet to a NAT Gateway and thus I managed to get a static IP for my Lambda. The limit of 5 EIPs was an issue for me.

https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/

Spiff
0

With EC2 and Auto Scaling, you need to use user data in EC2 to automatically attach an Elastic IP to the EC2 instance:

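    #!/bin/bash
    # Configure the AWS CLI with the access key of the restricted IAM user
    aws configure set aws_access_key_id "XYZ..."
    aws configure set aws_secret_access_key "ABC..."
    aws configure set region "ap-..."
    # Read this instance's ID from instance metadata and attach the Elastic IP to it
    aws ec2 associate-address --instance-id "$(curl -s -X GET "http://169.254.169.254/latest/meta-data/instance-id")" --public-ip your_elastic_IP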

Note: you should create a new IAM user that has only the associate-address permission, and create the AWS key for that user.

Hope it helps you :)

Alex
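
The user-data approach from the answers above, as an added example that is not from any of the posters: it takes an unassociated EIP from a pre-allocated pool, reads instance metadata over IMDSv2, and relies on the instance profile role instead of access keys written into user data, which any process on the instance can read back from the metadata service. The `Pool=asg-whitelist` tag, the function names and the role's permissions are assumptions.

```bash
#!/bin/bash
# Added example (not from the answers). Assumptions: pool EIPs carry the tag
# Pool=asg-whitelist (hypothetical), the instance profile role allows
# ec2:DescribeAddresses and ec2:AssociateAddress, and IMDSv2 is reachable.
IMDS=http://169.254.169.254/latest
POOL_TAG=${POOL_TAG:-asg-whitelist}

# stdin: "AllocationId<TAB>AssociationId" rows (text output of describe-addresses),
# e.g. the constructed row "eipalloc-0bbb<TAB>None". Prints the first allocation
# that is unassociated; returns 1 when every address in the pool is taken.
pick_free_eip() {
  awk -F'\t' '$2 == "None" || $2 == "" { print $1; found = 1; exit }
              END { exit !found }'
}

# IMDSv2: obtain a short-lived session token, then read one metadata path.
imds_get() {
  local token
  token=$(curl -sf -X PUT "$IMDS/api/token" \
            -H 'X-aws-ec2-metadata-token-ttl-seconds: 60') || return 1
  curl -sf -H "X-aws-ec2-metadata-token: $token" "$IMDS/meta-data/$1"
}

attach_pool_eip() {
  local instance_id region alloc attempt
  instance_id=$(imds_get instance-id) || return 1
  region=$(imds_get placement/region) || return 1
  for attempt in 1 2 3; do
    # No `aws configure`: the CLI picks up the role's temporary credentials.
    alloc=$(aws ec2 describe-addresses --region "$region" \
              --filters "Name=tag:Pool,Values=$POOL_TAG" \
              --query 'Addresses[].[AllocationId,AssociationId]' --output text \
            | pick_free_eip) || { echo "no free EIP in pool $POOL_TAG" >&2; return 1; }
    # Fail rather than take an address another instance claimed in the meantime,
    # then retry with a fresh listing.
    aws ec2 associate-address --region "$region" --instance-id "$instance_id" \
        --allocation-id "$alloc" --no-allow-reassociation && return 0
    sleep "$attempt"
  done
  return 1
}

# Runs only as `script --run`, so the functions can be sourced and tested offline.
if [ "${1:-}" = "--run" ]; then attach_pool_eip; fi
```

When pasting this into user data, replace the final guard with a plain `attach_pool_eip` call, since user data is executed without arguments.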