Amazon ELB's are a nice way to front end your applications. However, some of the drawbacks are that you don't have flexibility in assigning elastic ip addresses to them. The reason you would need that at times is when your application's consumers want to whitelist outbound access of your app from their network. Currently, ELB's expose their public ip address as A records (may have multiple if ELB is available on multiple zones). However, those ip addresses will change when ELB's get rebooted or patched.
Amazon is working on a feature request that allows us to assign an EIP to an ELB but that is not available as of today. Today, if we want to whitelist applications that can be accessed via firewall, we will have to whitelist the entire EC2 ip address range as mentioned in the AWS blog:-
https://aws.amazon.com/blogs/aws/aws-ip-ranges-json/
To get the current ip address range, you can run the below curl command:-
$curl -vvv https://ip-ranges.amazonaws.com/ip-ranges.json
...
{
"ip_prefix": "54.172.0.0/15",
"region": "us-east-1",
"service": "AMAZON"
},
{
"ip_prefix": "50.16.0.0/15",
"region": "us-east-1",
"service": "AMAZON"
Amazon is working on a feature request that allows us to assign an EIP to an ELB but that is not available as of today. Today, if we want to whitelist applications that can be accessed via firewall, we will have to whitelist the entire EC2 ip address range as mentioned in the AWS blog:-
https://aws.amazon.com/blogs/aws/aws-ip-ranges-json/
To get the current ip address range, you can run the below curl command:-
$curl -vvv https://ip-ranges.amazonaws.com/ip-ranges.json
...
{
"ip_prefix": "54.172.0.0/15",
"region": "us-east-1",
"service": "AMAZON"
},
{
"ip_prefix": "50.16.0.0/15",
"region": "us-east-1",
"service": "AMAZON"
....
Thanks for splitting your comprehension with us. It’s really useful to me & I hope it helps the people who in need of this vital information. Amazon Web Services Training in Chennai
ReplyDelete