
Why is the final resolved result of domain name access not the public IP address of the EC2 instance?

0

For example, when I visit my web server qa.asdfg.com, the instance public IP address is 18.2.3.4, but the final resolved IP is 54.4.14.23 (ec2-18-4-14-23.compute-1.amazonaws.com), 44.16.27.7 (ec2-44.16.27.7.compute-1.amazonaws.com), etc. I have configured AWS Global Accelerator and ALB, but the final resolved IP is neither AWS Global Accelerator nor ALB. I don't know where these IPs come from.

2 Answers
0
Accepted Answer

The situation you're describing suggests that there are multiple layers of networking and routing in place between your domain name and the actual EC2 instance. This is common in AWS architectures for improved performance, scalability, and availability.

When you've configured AWS Global Accelerator and an Application Load Balancer (ALB), the IP addresses you're seeing are likely part of the Global Accelerator infrastructure. Global Accelerator uses a network of edge locations to route traffic to the optimal AWS endpoint, which in your case is probably the ALB.

Global Accelerator provides two static IP addresses (or alternatively, you can bring your own IP addresses) that serve as fixed entry points for your application. When clients resolve your domain name, they get these Global Accelerator IP addresses. However, behind the scenes, Global Accelerator routes the traffic through AWS's global network to the most appropriate endpoint.

The IP addresses you're seeing (like 54.4.14.23 and 44.16.27.7) are likely the addresses of AWS edge servers that are part of the Global Accelerator network. These servers receive the initial request and then intelligently route it to your ALB, which in turn forwards it to your EC2 instance.

This multi-layered approach provides several benefits:

  1. Improved global performance by routing traffic through AWS's optimized network.
  2. Increased availability by distributing traffic across multiple edge locations.
  3. Ability to scale and change your backend infrastructure without changing the public-facing IP addresses.

It's important to note that while your EC2 instance has a public IP address, it's not directly exposed to the internet in this setup. Instead, traffic is routed through Global Accelerator and your ALB before reaching the EC2 instance, providing additional layers of abstraction and security.

If you want to confirm the exact routing, you may need to check your Global Accelerator and ALB configurations in the AWS Console to understand how traffic is being directed to your EC2 instance.
Sources
AWS Global Accelerator Now Supports EC2 Instance Endpoints
Manage the IPv4 addresses for your EC2 instances - Amazon Elastic Compute Cloud

answered 25 days ago
EXPERT
reviewed 25 days ago
  • The source of the IP is ELB, but why is it this way? It may be that the third-party DNS service provider we use is bound to the DNS of LB.

0

It's difficult to say what's going on here without the actual DNS entries and IP addresses - because I think that the ones you have listed are examples only.

If you're unwilling to put the details here (which I totally understand), please reach out to the support team.

AWS
EXPERT
answered 25 days ago
EXPERT
reviewed 25 days ago
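
One way to check where resolved addresses come from, as an added example that is not part of the original thread: compare each address returned by DNS with AWS's published https://ip-ranges.amazonaws.com/ip-ranges.json, which tags every prefix with a service name and region. The sample ranges and addresses below are constructed (RFC 5737 documentation ranges, not real AWS allocations), and the function names are this example's own.

```python
import ipaddress
import json

# Constructed sample in the layout of AWS's published ip-ranges.json.
# Prefixes are RFC 5737 documentation ranges, not real AWS allocations.
SAMPLE_RANGES = json.loads("""
{"prefixes": [
  {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "AMAZON"},
  {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "EC2"},
  {"ip_prefix": "203.0.113.0/24",  "region": "GLOBAL",    "service": "AMAZON"},
  {"ip_prefix": "203.0.113.0/25",  "region": "GLOBAL",    "service": "GLOBALACCELERATOR"}
]}
""")

def classify(ip, ranges):
    """Sorted (service, region) pairs for every published prefix containing ip."""
    addr = ipaddress.ip_address(ip)
    return sorted({(p["service"], p["region"])
                   for p in ranges.get("prefixes", [])
                   if addr in ipaddress.ip_network(p["ip_prefix"])})

def explain(resolved, known, ranges):
    """Map each resolved IP to a label: a known resource name, the AWS
    service ranges it falls in, or 'not in AWS ranges'."""
    report = {}
    for ip in resolved:
        if ip in known:
            report[ip] = known[ip]
            continue
        hits = classify(ip, ranges)
        # Every AWS prefix is also listed under the catch-all AMAZON service;
        # prefer the specific service names when there are any.
        specific = [f"{svc} ({region})" for svc, region in hits if svc != "AMAZON"]
        if specific:
            report[ip] = ", ".join(specific)
        elif hits:
            report[ip] = "AMAZON (no specific service listed)"
        else:
            report[ip] = "not in AWS ranges"
    return report

if __name__ == "__main__":
    known = {"198.51.100.10": "EC2 instance public IP"}  # constructed
    resolved = ["203.0.113.5", "198.51.100.77", "203.0.113.200", "192.0.2.9"]
    for ip, label in explain(resolved, known, SAMPLE_RANGES).items():
        print(f"{ip:16} {label}")
```

To use it on a real name, load the downloaded ip-ranges.json in place of `SAMPLE_RANGES` and pass the addresses your resolver returns as `resolved`.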
