Egress from a static IP #1914
One of the services that I am building requires the outbound traffic to be from a set of IP addresses. I have been reading the GitHub discussion of how copilot initially used NAT gateways but chose to move away due to cost. Is there an interim solution I can use that will allow a single service's outbound traffic to come from a NAT gateway while using copilot? The only other solution I can think of (if I want to keep using copilot, which I do) would be to build a separate proxy service where each instance is connected to an Elastic IP, and use a NLB.
Hi @inssein!
One "hack" that I can think of for now until we have a way of placing tasks in private subnets with a NAT gateway is to import a VPC to copilot.
`copilot env init`, however since at the moment Copilot only places the tasks in public subnets, you'll have to trick Copilot and specify your private subnets as public subnets in `env init`.
I think that should be an alternative route. For visibility, we're working on a design right now to place Backend Service tasks to private subnets with no access to the internet, and then we'll look into providing an option to create a NAT gateway.
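A check to run before handing private subnets to `copilot env init` as "public" ones, written as an added example that is not part of the original thread or of Copilot: it confirms each subnet's default route really goes through a NAT gateway and returns the public IPs that traffic will egress from. It assumes input in the JSON shapes of `aws ec2 describe-route-tables` and `aws ec2 describe-nat-gateways`, filtered to one VPC; all IDs and addresses are constructed.

```python
# Added example: inputs use the JSON shapes of `aws ec2 describe-route-tables`
# and `aws ec2 describe-nat-gateways`, filtered to one VPC. IDs/IPs are constructed.

def default_route_target(table):
    """Return (kind, target_id) for the table's active 0.0.0.0/0 route."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") != "active":
            continue  # blackhole route: its target was deleted, so no egress
        if route.get("NatGatewayId"):
            return ("nat", route["NatGatewayId"])
        if (route.get("GatewayId") or "").startswith("igw-"):
            return ("igw", route["GatewayId"])
    return ("none", None)

def egress_by_subnet(subnet_ids, route_tables):
    """Map each subnet to its default route, using the main table as fallback."""
    explicit, main = {}, None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("Main"):
                main = table
            elif assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = table
    return {s: default_route_target(explicit.get(s) or main or {}) for s in subnet_ids}

def static_egress_ips(subnet_ids, route_tables, nat_gateways):
    """Return the NAT public IPs these subnets egress from; raise if one bypasses NAT."""
    nat_ips = {n["NatGatewayId"]: {a["PublicIp"] for a in n["NatGatewayAddresses"]
                                   if "PublicIp" in a}  # private NATs have none
               for n in nat_gateways}
    ips = set()
    for subnet, (kind, target) in egress_by_subnet(subnet_ids, route_tables).items():
        if kind != "nat":
            raise ValueError(f"{subnet}: default route is {kind}, not a NAT gateway")
        ips |= nat_ips.get(target, set())
    return ips

ROUTE_TABLES = [  # constructed sample
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0aaa"}]},
    {"RouteTableId": "rtb-priv",
     "Associations": [{"SubnetId": "subnet-priv-a"}, {"SubnetId": "subnet-priv-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0bbb"}]},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-0bbb",
                 "NatGatewayAddresses": [{"PublicIp": "203.0.113.10"}]}]

if __name__ == "__main__":
    print(static_egress_ips(["subnet-priv-a", "subnet-priv-b"], ROUTE_TABLES, NAT_GATEWAYS))
```

A subnet with no explicit route-table association falls back to the VPC's main table, so a subnet that looks private can still egress through the internet gateway with a non-static address; the function raises in that case.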