
Is it possible to run a droplet on Digital Ocean without a public IP?


Problem

I am provisioning droplets on Digital Ocean with Terraform. I would like some of those droplets to be blocked from the internet, except for the Shared Private Network, and their appropriate gateway on that Network.

Is it possible to do this with Terraform?

Solution

I would like some of those droplets to be blocked from the internet
The only way to do this on Digital Ocean is with the appropriate firewall rules.

The only way to do this (Terraform or otherwise) is to create the firewall rules and associate them to the droplets. The droplets are always assigned a public IP address by Digital Ocean, and the network firewall can be used to manage access via that endpoint.

However, internal configuration of the machine can be done to configure the droplets to use a custom preconfigured gateway and not use the public interface as a gateway.

Digital Ocean has a writeup on how they suggest this, using IP Tables and cloud-init:

  • set up gateway server as NAT router: sysctl -w net.ipv4.ip_forward=1
  • change default route to your NAT gateway: ip route change default via
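The Terraform side of the answer above, as an added example that is not part of the original post or of the DigitalOcean provider's own documentation: a droplet placed in a VPC, with a digitalocean_firewall that only admits inbound traffic from, and only permits outbound traffic to, the private range. The region, droplet size, image and the 10.10.0.0/16 VPC range are constructed values.

```hcl
# Constructed example values: region, size, image and the 10.10.0.0/16 VPC
# range are assumptions, not taken from the original question.
locals {
  region   = "nyc3"
  vpc_cidr = "10.10.0.0/16"
}

resource "digitalocean_vpc" "private" {
  name     = "private-net"
  region   = local.region
  ip_range = local.vpc_cidr
}

# The droplet is still given a public IPv4 address; DigitalOcean does not
# let Terraform omit it, so the firewall below is what closes that side.
resource "digitalocean_droplet" "internal" {
  name     = "internal-01"
  region   = local.region
  size     = "s-1vcpu-1gb"
  image    = "ubuntu-22-04-x64"
  vpc_uuid = digitalocean_vpc.private.id
}

resource "digitalocean_firewall" "internal_only" {
  name        = "internal-only"
  droplet_ids = [digitalocean_droplet.internal.id]

  # Inbound: accept TCP/UDP only from hosts inside the VPC. Anything
  # arriving on the public address matches no rule and is dropped.
  dynamic "inbound_rule" {
    for_each = toset(["tcp", "udp"])
    content {
      protocol         = inbound_rule.value
      port_range       = "1-65535"
      source_addresses = [local.vpc_cidr]
    }
  }

  # Outbound: only towards the VPC, where the NAT gateway lives; the droplet's
  # default route must still point at it (the ip route change step above).
  dynamic "outbound_rule" {
    for_each = toset(["tcp", "udp"])
    content {
      protocol              = outbound_rule.value
      port_range            = "1-65535"
      destination_addresses = [local.vpc_cidr]
    }
  }
}
```

After `terraform apply`, a port scan of the droplet's public address from outside the VPC should show every port filtered, while hosts inside 10.10.0.0/16 still reach it; no ICMP rule is included, so ping from the VPC is blocked too unless one is added.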

Context

StackExchange DevOps Q#17027, answer score: 1
