Score:0

How to get private Elastic-Beanstalk Environment DNS Endpoint?


My setup is the following: I have a VPC consisting of 3 subnets: public, private with NAT, and isolated. I have an Elastic Beanstalk (single instance) environment running in the private subnet with NAT, and it works.

What I want to achieve: have a private hosted zone with a record pointing to my private EB env.

What I'm struggling with: the environment DNS of my EB env points to its public IP (which is not reachable since it's in a private subnet, and that's good). But to create a DNS record pointing to my private EB env I need a private endpoint of my env, right? How do I get a URL like the public one for my env (e.g. myapp.eu-central-1.elasticbeanstalk.com) but resolving to my private IP, not the public one?

Still haven't figured out how to get a private DNS for my single instance EB env, but solved it by hardcoding the instance's internal IP into my DNS record. However, this is suboptimal since the IP changes when I redeploy the env. As I understand, this is not a problem when using a private load-balanced (multi-instance) EB env in a private subnet.
Score:0

Matt's answer was very useful to me; it worked. But I had to make some changes:

commands:
  01_update_r53:
    command: |
      IMDSTOKEN=$(curl --silent -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
      IP=$(curl --silent -H "X-aws-ec2-metadata-token: $IMDSTOKEN" http://169.254.169.254/latest/meta-data/local-ipv4)
      AWS_R53_APP_DOMAIN=$(/opt/elasticbeanstalk/bin/get-config environment -k AWS_R53_APP_DOMAIN)
      AWS_R53_HOSTED_ZONE=$(/opt/elasticbeanstalk/bin/get-config environment -k AWS_R53_HOSTED_ZONE)
      echo "{\"Comment\":\"Update IP\",\"Changes\":[{\"Action\": \"UPSERT\",\"ResourceRecordSet\":{\"Name\":\""$AWS_R53_APP_DOMAIN".\",\"Type\":\"A\",\"TTL\":60,\"ResourceRecords\":[{\"Value\":\""$IP"\"}]}}]}" > awsr53.json
      aws route53 change-resource-record-sets --hosted-zone-id "$AWS_R53_HOSTED_ZONE" --change-batch file://awsr53.json

This requires assigning to the service role used by the instance the permissions to perform an upsert on Route53. I suggest running the script mentioned above via SSH first to debug.
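The Route 53 permission that answer calls for can be limited to exactly the change the script makes. The following is an added example, not part of the answer above: the function names are hypothetical and the zone ID and domain are constructed placeholders. It prints an IAM policy that allows only an UPSERT of one A record in one hosted zone, using Route 53's IAM condition keys. The condition compares the normalized record name (lowercase, no trailing dot), even though the change batch writes the name with a trailing dot.

```shell
#!/bin/sh
# Added example: least-privilege IAM policy for the Route 53 upsert shown above.
# Function names are hypothetical; zone ID and domain below are constructed.
LC_ALL=C; export LC_ALL

# Route 53 evaluates record names in normalized form: lowercase, no trailing dot.
normalize_record_name() {
  printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//'
}

# Print a policy allowing only UPSERT of a single A record in a single zone.
# Usage: scoped_r53_policy <hosted-zone-id> <record-name>
scoped_r53_policy() {
  _zone="$1"
  _name="$(normalize_record_name "$2")"
  # Reject anything that cannot be a zone ID or DNS name, so the JSON stays
  # well-formed and no wildcard or quote can widen the policy.
  case "$_zone" in
    ''|*[!A-Z0-9]*) echo "bad hosted zone id" >&2; return 1 ;;
  esac
  case "$_name" in
    ''|*[!a-z0-9._-]*) echo "bad record name" >&2; return 1 ;;
  esac
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "route53:ChangeResourceRecordSets",
    "Resource": "arn:aws:route53:::hostedzone/${_zone}",
    "Condition": {
      "ForAllValues:StringEquals": {
        "route53:ChangeResourceRecordSetsNormalizedRecordNames": ["${_name}"],
        "route53:ChangeResourceRecordSetsRecordTypes": ["A"],
        "route53:ChangeResourceRecordSetsActions": ["UPSERT"]
      }
    }
  }]
}
EOF
}

# Constructed sample values; substitute the environment's own zone ID and domain.
scoped_r53_policy "Z0000000EXAMPLE" "MyApp.Internal.Example.com."
```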
