Container on EC2 behind ALB, does it use the public IP of the ALB?

Question

Hi all,

I have a development environment I'm using to test an application that needs to send information to a third party over the internet. If the container is sitting behind my application load balancer, when it attempts to connect to the external partner, does it do so using the public IP of the ALB? I need to provide the third party with the IP address where the traffic is originating. I can ping the DNS name of the ALB and see an AWS Public IP but I'm not certain this is correct. The container is running on EC2.

At a high level, the environment looks like this:

DEV Environment
DEV ALB -> Target Group -> ECS-Optimized EC2 Instance -> Container

Riku_Kobayashi · Accepted Answer

Use the EC2 IP address for outbound traffic from containers on EC2 to external partners.  
ALB is not used as a gateway for outbound communication from the VPC to external partners.

Also, if your EC2 is on a private subnet, communication to external partners will require a NAT gateway or similar.  
In that case, the IP address becomes the IP address of the NAT gateway.

Adrian-Keith · Answer

Thank you for the detailed answer @Riku_Kobayashi! The EC2 instance is in fact in a private subnet so the use of a (pre-existing, in my case) NAT Gateway was the missing piece. This makes more sense now.

Container on EC2 behind ALB, does it use the public IP of the ALB?

Relevant content