I'm using AWS EC2 instances on a VPC with an Internet Gateway, and I need to connect to my company's network, which only accepts connections from specific IP addresses (firewall). The Outbound Traffic of my IP Address is the Internet gateway's IP Address. I have tried using a NAT Gateway, but the NAT Gateway still uses an Internet Gateway. Is it possible to have an Elastic IP for all outgoing traffic on AWS?
4
votes
"The Outbound Traffic of my IP Address is the Internet gateway's IP Address." Well... no, it isn't. It can't be, because the Internet Gateway object does not have an IP address of its own. You'll want to look at this more closely to understand what is actually happening. Also, a NAT Gateway always has an elastic IP so it seems you are asking how to solve a problem that NAT Gateway solves automatically.
– Michael - sqlbot
Are your instances in public subnet or private subnet?
– helloV
My Instances are on a private subnet
– baakal
1 Answer
4
votes
If you have as a destination a set of static IP addresses (the ones of your company), I solved the same by doing the following (based on this post):
- Create a new subnet to host the NAT Gateway.
- Create the NAT Gateway in the above subnet, and assign a new Elastic IP. This one will be our outgoing IP for hitting external APIs.
- Create a route table for the NAT subnet. All outbound traffic (0.0.0.0/0) should be routed through the NAT Gateway. Assign the created subnet to use the new route table.
- Modify the main route table (the one that handles all our EC2 instances requests), and add the IP(s) of the external API, setting its target to the NAT Gateway.
This way you can route any request to your company IPs through the NAT Gateway. All other requests are routed through the default Internet Gateway.
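A route-table check for the setup in the answer above, as an added example (not part of the original post): it applies the VPC rule that the most specific matching route wins and reports whether each company range actually leaves through the NAT Gateway. The route entries, gateway IDs and company addresses are constructed placeholders; the field names follow `aws ec2 describe-route-tables` output.

```python
import ipaddress

# Constructed sample shaped like `aws ec2 describe-route-tables` Routes[] (IPv4 only).
# Gateway IDs and company addresses (documentation ranges) are placeholders.
MAIN_ROUTES = [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE", "State": "active"},
    {"DestinationCidrBlock": "203.0.113.10/32", "NatGatewayId": "nat-EXAMPLE", "State": "active"},
    {"DestinationCidrBlock": "198.51.100.0/24", "NatGatewayId": "nat-EXAMPLE", "State": "active"},
    {"DestinationCidrBlock": "198.51.100.128/25", "GatewayId": "igw-EXAMPLE", "State": "active"},
]

def _active(routes):
    """Yield (network, target id) for usable IPv4 routes; blackhole routes are skipped."""
    for r in routes:
        if r.get("State") == "active" and "DestinationCidrBlock" in r:
            target = r.get("NatGatewayId") or r.get("GatewayId")
            yield ipaddress.ip_network(r["DestinationCidrBlock"]), target

def _most_specific(candidates):
    """Longest-prefix match: the route with the largest prefix length wins."""
    return max(candidates, key=lambda c: c[0].prefixlen)[1] if candidates else None

def egress_target(routes, dest_ip):
    """Target that traffic to dest_ip leaves through."""
    ip = ipaddress.ip_address(dest_ip)
    return _most_specific([(n, t) for n, t in _active(routes) if ip in n])

def audit(routes, company_cidrs, nat_id):
    """Classify each company CIDR: 'nat' (all of it leaves via the NAT Gateway),
    'partial' (only part of it does) or 'bypass' (none of it does)."""
    result = {}
    for cidr in company_cidrs:
        want = ipaddress.ip_network(cidr)
        active = list(_active(routes))
        outer = _most_specific([(n, t) for n, t in active if want.subnet_of(n)])
        inner = {t for n, t in active if n != want and n.subnet_of(want)}
        if outer == nat_id and inner <= {nat_id}:
            result[cidr] = "nat"
        elif outer == nat_id or nat_id in inner:
            result[cidr] = "partial"
        else:
            result[cidr] = "bypass"
    return result

if __name__ == "__main__":
    print(audit(MAIN_ROUTES, ["203.0.113.10/32", "198.51.100.0/24", "192.0.2.0/24"], "nat-EXAMPLE"))
```

A "partial" or "bypass" result means some traffic to that range would reach the company firewall from an address other than the NAT Gateway's Elastic IP.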