0

I am running a service on ECS, which calls a third-party API. How can I have a stable/elastic IP which the third party can add to their firewall?

EC2 should be able to scale up and scale down, and ECS is free to schedule the service on any of the VMs inside the cluster.

I did lots of searching but did not find concrete answers.

Tim
archit

1 Answer

1

Deploy a NAT Gateway. It's basically a proxy which lets your instance reach out to the internet but doesn't let anything on the internet in.

For redundancy it's best to have one NAT gateway per AZ, which means three IP addresses to whitelist. You can have a NAT Gateway in one AZ that all AZs use if you can tolerate very occasional downtime. It's a highly available service, failures should be very rare - I've never noticed a NAT gateway failure.

Make sure you understand the pricing.

Tim
  • Thanks, I have done the same thing. Just one question on that line; here is how my route config looks: -> NAT-gateway-id. The question is the third-party IP: can it be only an IP, or can I add the host name? What if the third-party IP itself is dynamic and changes frequently? – archit Aug 09 '22 at 06:02
  • I'm sorry but I don't understand what you're trying to ask. It looks like you're trying to route in via a NAT gateway which is not what it's for. Routing only works for IPs, host names are done with DNS. If the third party IP changes regularly they should have a DNS entry which is updated as their IP changes, your server resolves it each time before it does a request. – Tim Aug 09 '22 at 08:27
  • Thanks. Yes, you cleared my doubt. Basically NAT allows adding a resolvable hostname in the route table in the Destination column and not just the IP. – archit Aug 09 '22 at 15:41
  • No, that's not it at all. Route tables are layer 3, IP not DNS. – Tim Aug 09 '22 at 19:22
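
The one-NAT-gateway-per-AZ advice in the answer can be checked against a VPC's actual routing. The following is an added example, not part of the original answer: it lists the public IPs the third party needs to allow and flags private subnets whose default route points at a NAT gateway in a different AZ. The input is constructed sample data shaped like trimmed boto3 `describe_subnets`, `describe_nat_gateways` and `describe_route_tables` output; all IDs and the IP are placeholders.

```python
# Constructed sample data, shaped like boto3 EC2 describe_* responses (trimmed).
SUBNETS = [
    {"SubnetId": "subnet-priv-a", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-priv-b", "AvailabilityZone": "us-east-1b"},
    {"SubnetId": "subnet-pub-a", "AvailabilityZone": "us-east-1a"},
]
NAT_GATEWAYS = [
    {"NatGatewayId": "nat-aaa", "SubnetId": "subnet-pub-a", "State": "available",
     "NatGatewayAddresses": [{"PublicIp": "203.0.113.10"}]},
]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-private",
     "Associations": [{"SubnetId": "subnet-priv-a"}, {"SubnetId": "subnet-priv-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-aaa"}]},
]


def audit_egress(subnets, nat_gateways, route_tables):
    """Return (allowlist_ips, cross_az_subnets) for NAT-routed subnets."""
    az_of = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}
    nats = {n["NatGatewayId"]: n for n in nat_gateways if n["State"] == "available"}
    ips, cross_az = set(), []
    for rt in route_tables:
        # Route destinations are CIDR blocks (layer 3), never host names.
        # Look for the default route that targets an available NAT gateway.
        nat_id = next((r["NatGatewayId"] for r in rt["Routes"]
                       if r.get("DestinationCidrBlock") == "0.0.0.0/0"
                       and r.get("NatGatewayId") in nats), None)
        if nat_id is None:
            continue
        nat = nats[nat_id]
        ips.update(a["PublicIp"] for a in nat["NatGatewayAddresses"] if "PublicIp" in a)
        for assoc in rt.get("Associations", []):
            sid = assoc.get("SubnetId")  # main-table associations carry no SubnetId
            if sid and az_of.get(sid) != az_of.get(nat["SubnetId"]):
                cross_az.append((sid, az_of.get(sid), nat_id))
    return sorted(ips), cross_az


if __name__ == "__main__":
    ips, cross_az = audit_egress(SUBNETS, NAT_GATEWAYS, ROUTE_TABLES)
    print("IPs for the third party to allow:", ips)
    for sid, az, nat_id in cross_az:
        print(f"{sid} ({az}) depends on {nat_id} in another AZ")
```

With the sample data, one NAT gateway serves both private subnets, so the allowlist has a single IP and the subnet in the second AZ is reported as depending on a gateway outside its own AZ.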