amazon ec2 ip whitelisted on a third party service provider
Problem
Currently we are running an application on a single Amazon EC2 machine. In our application we are using some third-party solutions. To use those solutions, we have asked the third-party service provider to whitelist our EC2 machine's IP.
Now we want to scale up our application. We are planning to set up multiple nodes (our application on multiple EC2 machines) and a load balancer.
So my question is, how can I manage our third-party solution provider? Should I give all our EC2 machine IPs to our third-party solution providers to whitelist? Or is there any other solution to handle the situation?
Our EC2 machine: IP - 172.12.32.55
Third-party solution like global.bank.com, and we have told global.bank.com to whitelist our IP.
Solution
A possible approach could be:
- Put your instances in a private subnet
- Route incoming traffic through a load balancer
- Route outgoing traffic through a NAT
Outgoing traffic will then use the elastic IP assigned to your NAT as its source IP.
An added benefit of this approach from a security perspective is that your instances won't be directly reachable from the internet, thus reducing your attack surface.
Context
StackExchange DevOps Q#11644, answer score: 3