Private Route from Software VPN to ALB using Static, Public IP

0

We're trying to figure out the most efficient way to replicate our application and networking on AWS and are getting stuck on a networking requirement. Here's the general layout:

  • Our application will be deployed in ECS (Fargate)
  • We'll deploy an instance of the application + ALB for each client
  • We'll use a software VPN (AWS VPNs are too expensive, but I don't think they change anything)
  • We need to privately route traffic from the VPN to each client's instance of the application
  • We prefer to put clients in their own VPCs and use VPC Peers but we could relax this requirement if it were fatal.

Not only do we want/need a Static IP for VPN (and VPC Peer) routing, but we have a client that requires a publicly routable IP address as the destination for our VPN communication. ALBs don't support static IPs (EIP or otherwise) and it doesn't look like either of the suggested workarounds (https://aws.amazon.com/blogs/networking-and-content-delivery/using-static-ip-addresses-for-application-load-balancers/) will work for us. Specifically, from what I've read:

  • We can put an NLB in front of the ALB to get a Static IP, but we can only associate an EIP if the NLB is internet-facing.
  • The Global Accelerator provides static IPs, but they also appear to be designed to be internet-routable.

In both cases, it doesn't sound like these addresses are internally routable. Am I wrong? Is there another built-in way to achieve our requirement?

Edited by: Clayton D. on Mar 30, 2020 12:59 PM

asked 4 years ago, 818 views
1 answer
0

The solution we finally settled on (at AWS recommendation) was to obtain a range of public IP addresses. When creating a non-public VPC, we could use this as one of our CIDR ranges. Since the IP addresses are not internet accessible, we can actually reuse the same addresses in multiple VPCs (using endpoint services to avoid CIDR overlap issues that would arise using VPC peers).

answered 4 years ago
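The answer above hinges on two address-planning facts: a VPC's secondary CIDR can be drawn from a publicly routable range that is never advertised to the internet, and reusing that same range in several VPCs rules out VPC peering (AWS rejects peers between VPCs with overlapping CIDRs) but is harmless for endpoint services, because a PrivateLink consumer only ever sees an interface endpoint IP inside its own VPC. The following is an added planning check, not code from the poster or from AWS. The VPC inventory is constructed, and RFC 5737 documentation space (203.0.113.0/24) stands in for a range the organisation actually owns, so the "publicly routable" test deliberately checks only against RFC 1918, shared address space, link-local and loopback rather than the full special-use registry.

```python
"""Address-space planning check for per-client VPCs that reuse a public range.

Added example (not from the original post). Models each client VPC with a
private primary CIDR plus a secondary CIDR taken from a publicly routable range
that is kept off the internet, then reports which VPC pairs could still be
peered and which are blocked by overlap. Endpoint services need no such check,
since the provider VPC's CIDR never enters the consumer's route table.
"""
import ipaddress
from itertools import combinations

# Constructed inventory. 203.0.113.0/24 is RFC 5737 documentation space used as
# a stand-in for an owned public range; the 10.x blocks are ordinary RFC 1918.
VPCS = {
    "client-a": ["10.10.0.0/16", "203.0.113.0/24"],
    "client-b": ["10.20.0.0/16", "203.0.113.0/24"],   # same public range as client-a
    "client-c": ["10.10.0.0/16", "203.0.113.128/25"], # overlaps both a and b
    "hub":      ["10.0.0.0/16"],                      # where the software VPN terminates
}

# Ranges that can never satisfy "destination must be a public IP". Limited to
# RFC 1918, RFC 6598 shared space, link-local and loopback so that the
# documentation range above passes; a real deployment would also consult the
# IANA special-use registry and confirm ownership of the block.
SPECIAL_USE = [ipaddress.ip_network(c) for c in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10",
    "169.254.0.0/16",
    "127.0.0.0/8",
)]


def overlaps(cidr_x: str, cidr_y: str) -> bool:
    """True if the two CIDR blocks share any address."""
    return ipaddress.ip_network(cidr_x).overlaps(ipaddress.ip_network(cidr_y))


def is_publicly_routable(cidr: str) -> bool:
    """True if the block lies entirely outside the SPECIAL_USE ranges above."""
    net = ipaddress.ip_network(cidr, strict=True)
    return not any(net.overlaps(special) for special in SPECIAL_USE)


def public_destinations(vpcs: dict) -> dict:
    """Per VPC, the CIDRs a client could accept as a 'public' VPN destination."""
    return {name: [c for c in cidrs if is_publicly_routable(c)]
            for name, cidrs in vpcs.items()}


def peering_conflicts(vpcs: dict) -> list:
    """Every (vpc_x, vpc_y, cidr_x, cidr_y) whose overlap would block a VPC peer."""
    conflicts = []
    for (name_x, cidrs_x), (name_y, cidrs_y) in combinations(sorted(vpcs.items()), 2):
        for cx in cidrs_x:
            for cy in cidrs_y:
                if overlaps(cx, cy):
                    conflicts.append((name_x, name_y, cx, cy))
    return conflicts


def peerable_pairs(vpcs: dict) -> list:
    """VPC pairs with no overlapping CIDR at all, i.e. eligible for a VPC peer."""
    blocked = {(x, y) for x, y, _, _ in peering_conflicts(vpcs)}
    return sorted(pair for pair in combinations(sorted(vpcs), 2) if pair not in blocked)


if __name__ == "__main__":
    for name, cidrs in public_destinations(VPCS).items():
        print(f"{name}: public-range destinations -> {cidrs or 'none'}")
    for x, y, cx, cy in peering_conflicts(VPCS):
        print(f"peer {x} <-> {y} blocked: {cx} overlaps {cy}")
    print("peerable without conflict:", peerable_pairs(VPCS))
    # Every client reuses the public range, so only hub<->client peers survive;
    # client<->client connectivity, if needed, goes through endpoint services.
```

Running it shows that each client VPC has a usable public-range destination, that the three client VPCs cannot peer with one another because they reuse or overlap 203.0.113.0/24, and that each can still peer with the hub. Swapping the reused range for an endpoint service per client removes the constraint entirely, which is the trade the answer describes.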
