Do Elastic Beanstalk Web Server Environment Need A Public Elastic IP


I am very new to AWS so I appreciate any help in advance but was wondering if its required for a Elastic Beanstalk Environment to have a public ip / elastic ip address? I have a loadbalancer that is set up to point to that elastic beanstalk instance but whenever I remove the elastic ip (I'm messing around seeing what does what) it starts to fail the health checks. It will even fail if a specify IP address type target group and provide the private IP address. The security groups look alright and allow traffic from the LB sec group to the instance sec group over the health check port.

So I'm curious if you have to have your elastic beanstalk ec2 instance exposed with a public IP for the load balancer to register it or is there a way to keep all of that behind the curtain and just have the LB communicate with the instance via the instances private ip address?

asked 2 years ago1491 views
1 Answer

Hello Bansheebomb! Welcome to AWS services. It looks like you are trying to figure out whether or not it is required for your Elastic Beanstalk environment to have a static IP to allow outbound and inbound traffic from your instances. In order to route external traffic, your environment requires a public IP. This IP can either be a public IP assigned to your EC2 instances if placed in a public subnet, or an Elastic IP assigned to a NAT Gateway to route traffic from your instances in a private subnet. In order to have your instances communicate privately with the load balancer, you will need an internet gateway and a NAT gateway. The public subnet needs to have a default route to the internet gateway, which you can accomplish by editing the routing tables. Then, you will need to create a NAT gateway in the same public subnet and associate an elastic IP to it. Next, add a routing entry in your private subnet to direct traffic to the NAT gateway. Finally, you will need to associate your load balancer with the private subnets. To do this, enter your Beanstalk configuration presets, and navigate to load balancer settings. Ensure visibility is set to public and then edit the subnet tables. Delete any public subnets and add in the private subnets associated with the NAT gateway you created earlier. Your instances will now communicate privately with the load balancer and all traffic will go through the elastic IP. For more information, please view this documentation.

Setting up a NAT Gateway in a private subnet:
Configure and attach an Internet Gateway (IGW) for use with Elastic Load Balancing:
How do I assign a static source IP address for all instances in a load-balanced Elastic Beanstalk environment?
answered 2 years ago
reviewed 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions