Setting a static IP address to an Elastic Beanstalk instance

Alfred Yang
finnovate.io
Apr 5, 2022

Have you ever had to whitelist your server’s IP address in an external service (like a database service), but your server’s IP address keeps changing? Frustrating, I know. It is especially challenging to assign a static IP to Elastic Beanstalk instances, because the underlying EC2 instances can change, which disassociates them from any associated Elastic IP addresses.

There is a way to reliably force outbound traffic from an Elastic Beanstalk instance to come from a static IP, but it’s not trivial.

Create a public VPC subnet

We need to create a VPC subnet to host the NAT Gateway.

  • Go to your VPC console and select “Subnets” in the side panel. Then click on “Create subnet”.

Create and attach an internet gateway to the VPC

  • From the VPC console, select “Internet Gateway” from the side panel. Then click on “Create Internet Gateway”.
  • Give the internet gateway a name and click “Create Internet Gateway”.
  • Once the internet gateway is created, click on the “Attach to a VPC” button that pops up.
  • Select the VPC from the previous step. Note that a VPC can only be attached to one internet gateway, so if a VPC is already attached, you won’t be able to select it.

Setting up a NAT Gateway

Instead of associating an Elastic IP with the EC2 instance underlying Elastic Beanstalk, we can put the instance in a subnet that uses a NAT gateway for outbound traffic.

First, we have to create a NAT Gateway in AWS’s VPC service.

  • Go to the AWS VPC service page, select NAT Gateway in the left navigation and click on “Create NAT Gateway”.
  • In the create NAT gateway screen, give it any name, select a subnet you previously created, select the “Public” connectivity type and select an Elastic (static) IP. If you haven’t created an Elastic IP already, click on the Allocate Elastic IP button to automatically assign and associate one with the gateway.

Create a routing table

Next we have to route outbound traffic in the subnet to this NAT Gateway.

  • In the VPC screen, select “Subnets” from the left nav and select the subnet that we specified in the previous step.
  • Click on the Route table tab and click on the name of the route table.
  • In the route table, add a route with destination 0.0.0.0/0 and the NAT gateway you just created as the target. Now any outbound traffic from within the subnet will go through the gateway.

Creating a High Availability Elastic Beanstalk instance

Next, create the Elastic Beanstalk instance itself and put it in the same subnet.

  • Go to the Elastic Beanstalk service page and click on “Create Environment” — you will have to first create an Application if you don’t already have one.
  • Select “Web server environment”
  • Give the environment a name and select a target platform
  • Click on “Configure more options”
  • Scroll to the top of the page and select a desired instance type. We recommend high availability for a production instance.
  • Next, click on the “Edit” button under “Network” on the same page.
  • Under “Load balancer settings” select Public visibility and set the subnet we specified in the initial step
  • Under “Instance settings”, make sure Public IP address is unchecked (only the Gateway IP needs to be public), and select the same subnet that we created the NAT gateway for.
  • Create the environment, and wait until the instance is fully created & started
  • Go to the EC2 service page and verify that the newly created instance was created in the same subnet you specified. All outbound traffic from the instance should now go through the Gateway, which to the outside world has a static IP address.
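
One way to script the final verification step, as an added example that is not part of the original article: it resolves the route table that applies to the instance subnet and returns the public IP its outbound traffic will use, or explains why that IP is not static. The inputs are shaped like boto3's `describe_route_tables` and `describe_nat_gateways` responses; all IDs and the 203.0.113.10 address are constructed.

```python
# Added example. Inputs mirror the shape of boto3 EC2 describe_route_tables /
# describe_nat_gateways responses; every ID and address below is constructed.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123"}]},
    {"RouteTableId": "rtb-app", "Associations": [{"SubnetId": "subnet-0aaa"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0123"}]},
]
NAT_GATEWAYS = [
    {"NatGatewayId": "nat-0123", "State": "available",
     "NatGatewayAddresses": [{"PublicIp": "203.0.113.10"}]},
]


def route_table_for(subnet_id, route_tables):
    """Explicit association wins; otherwise the VPC's main route table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def egress_ips(subnet_id, route_tables, nat_gateways):
    """Return the public IPs used by outbound traffic from subnet_id, or raise ValueError."""
    rt = route_table_for(subnet_id, route_tables)
    if rt is None:
        raise ValueError(f"no route table found for {subnet_id}")
    default = next((r for r in rt["Routes"]
                    if r.get("DestinationCidrBlock") == "0.0.0.0/0"), None)
    if default is None:
        raise ValueError("no 0.0.0.0/0 route: subnet has no outbound path")
    nat_id = default.get("NatGatewayId")
    if not nat_id:
        raise ValueError(f"default route targets {default.get('GatewayId')}, not a NAT gateway")
    nat = next((n for n in nat_gateways if n["NatGatewayId"] == nat_id), None)
    if nat is None or nat.get("State") != "available":
        raise ValueError(f"{nat_id} is missing or not in the 'available' state")
    return [a["PublicIp"] for a in nat["NatGatewayAddresses"] if a.get("PublicIp")]


if __name__ == "__main__":
    print(egress_ips("subnet-0aaa", ROUTE_TABLES, NAT_GATEWAYS))
```

Against a live account, pass `ec2.describe_route_tables()["RouteTables"]` and `ec2.describe_nat_gateways()["NatGateways"]` from a boto3 EC2 client, and whitelist only the address the function returns.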
