Join Log in
Score:0
Buse B. avatar Server

How to get a static IP address for outbound requests in AWS?

fr flag
Buse B.

We are in an integration process and the company is asking for whitelisted static IP addresses. The suggested solution by AWS is to create new ECS that uses new subnets. Is it possible to change subnets in an existing cluster? Do we have to redeploy everything in a new cluster? Since, redeployment is a risky process for us, we need a easier solution for that.

278
0 + 0
MLu avatar
id flag
MLu
Redeployment should be all automated, not risky. Just saying.
0
Reply
Buse B. avatar
fr flag
Buse B.
Can you explain it more please? Actually we are not working with the same tech team who deployed in the first place and current team hesitates to redeploy.
0
Reply
ml flag
Gomibushi
As @MLu says you should be able to redeploy. If not you should make it a priority to be able to. I understand there might be external dependencies, but you should be able to deploy to a different/new account and verify that all is well before redeploying.
0
Reply
Score:0
mreferre avatar Server
nl flag
mreferre

You probably need to be more explicit about 1) the current configuration you have and 2) what is the main goal. On #1, it depends on what network mode you are using (bridge vs VPC). With the latter a cluster is not bound to a subnet/VPC and you can pick anything you want (inside the same cluster). You may need to redeploy the tasks/services though to move them. Not sure how this relates to "getting a static IP for outbound requests" though. If you need a known egress IP for all your tasks you would need to configure a NAT Gateway in the private subnet where your tasks live.

I assume your problem is that the existing tasks are on a public subnet with their own public IP and you need to move them to a private subnet with a NAT GW associated?

0 + 0
Buse B. avatar
fr flag
Buse B.
Our subnets are public but the issue is that subnets don't make use of the NAT Gateway. Suggested solution is to create a new subnets with a NAT Gateway. It's claimed that we cannot change subnets in an existing cluster so we need to create a new cluster that uses new subnets. In this scenario, we need to redeploy everything in a new cluster. But not sure this is the only way to do it.
0
Reply
mreferre avatar
nl flag
mreferre
Yes NAT GW can't be attached to public subnets. There may be reasons why you can't add additional subnets to an existing VPC (you already consumed/configured all the IP space of your VPC etc). A few question: 1) is your application deployed as an ECS service? 2) Does it have a Load Balancer configured? 3) Is it deployed on EC2 or Fargate? If it's deployed on EC2 what is the network mode configured (Bridge or VPC)?
0
Reply
Buse B. avatar
fr flag
Buse B.
1) ECS and networking done via VPC, 2) Load balancer configured, 3) ECS fargate.
0
Reply
mreferre avatar
nl flag
mreferre
If that is the scenario it is *possible* that by [creating a new task-set](https://docs.aws.amazon.com/cli/latest/reference/ecs/create-task-set.html) that points to a new VPC and LB and then [updating the ECS service](https://docs.aws.amazon.com/cli/latest/reference/ecs/update-service.html) you should be able to move your tasks to private subnets. In theory you could do it without recreating the cluster or even the ECS service but all tasks would need to move to a new VPC/LB).
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.