TL;DR - Is it possible for a CloudFormation template to insert the subnet-specific internal IP address of a specific ELB into the UserData of an instance within that subnet?


We have a fleet of EC2 web servers in an Amazon VPC with six subnets, one private and one public across each of the three AZs within EU-West-1. All servers are configured with CloudFormation.

We would like to configure Apache's mod_rpaf to log the X-Forwarded-For header (we can change the LogFormat, but this doesn't translate easily to PHP or Apache error logs; RPAF is the neatest solution for us).

As far as I know, the way an ELB is architected means that it has a 'foot' in each of its configured AZs, and this can change if the ELB is torn down or re-created.

It seems that the version of mod_rpaf in Ubuntu 12.04's repositories hasn't been updated to allow CIDR notation for the ProxyIPS directive, and in theory the ELB's IP address can be anything within our three public subnets.

The one remaining solution is to configure the module via Puppet, using hieradata generated by the instance's UserData. I know that to some degree you can interpolate references and variables within CloudFormation templates, but I'm unsure if it's possible to effectively say "Give me the private IP address for this ELB in this subnet".

Craig Watson

4 Answers

We had the same problem. Below is the command I use for getting the internal IP of the ELB "LAMP-Prod":

aws ec2 describe-network-interfaces --filters "Name=description,Values=ELB LAMP-Prod" |grep -wE 'Description|PrivateIpAddress'

Or using JQ and without the need to specify an ELB name

 aws ec2 describe-network-interfaces --filters Name=requester-id,Values='amazon-elb' | jq -r '.NetworkInterfaces[].PrivateIpAddresses[].PrivateIpAddress'
spa900
Deepak Deore
  • Not a solution. I was looking for CloudFormation. Downvoted. – Craig Watson Aug 16 '14 at 00:08
  • Except it helped me, who searched Google for "ELB private IP". – Cesar Oct 29 '15 at 21:43
  • The original author downvoted this solution for not being 100% compatible with his 'requirements'... Then chose a solution which mentions scraping log files... go figure... – Froyke Apr 11 '17 at 21:27
  • @Froyke - just seen this, ultimately I didn't mark the answer as accepted due to the log-scraping comment - I accepted the answer due to the first two words, which give the correct answer to my original question, which was centred specifically around CloudFormation. – Craig Watson Jul 24 '17 at 17:56

If you want to get the private IP address of an ELB, check network interfaces under network and security in your EC2 dashboard.

030
JasdeepSingh
  • He is actually correct, if you go to network interfaces, you can see all your network interfaces. If you query for your ELB name, it will filter out everything but the interfaces that you have on that ELB, and then you can drill down. Not programmatic, but works. – cgseller Aug 16 '17 at 16:26
  • This is accurate and deserves more upticks. – Edward Oct 09 '17 at 14:04
  • Thanks for the hint. Does it remain static? – Aftab Naveed Jun 21 '18 at 10:47
  • No. IPs for ELBs don't stay static. They change very frequently. You can observe it by just pinging the ELB endpoint. – JasdeepSingh Jul 17 '18 at 18:14

JQ parsing version, just FYI.

aws ec2 describe-network-interfaces --filters "Name=description,Values=ELB your-elb-name" --output json | jq ".NetworkInterfaces[].PrivateIpAddresses[].PrivateIpAddress"
arbabnazar
BlackPioter
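
Added example (not part of any answer above): the describe-network-interfaces lookups from the answers, done as a Python parse of the JSON output that selects one ELB's interfaces, optionally in one subnet, and renders the exact-IP trust list mod_rpaf needs. The sample response, its IDs and addresses are constructed; the directive names RPAFenable, RPAFheader and RPAFproxy_ips assume mod_rpaf 0.6 and do not appear on the page.

```python
import ipaddress
import json

# Constructed sample shaped like `aws ec2 describe-network-interfaces --output json`;
# every ID and address below is made up.
SAMPLE = json.loads("""
{"NetworkInterfaces": [
  {"NetworkInterfaceId": "eni-0001", "SubnetId": "subnet-pub-a", "RequesterId": "amazon-elb",
   "Description": "ELB LAMP-Prod", "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.1.17"}]},
  {"NetworkInterfaceId": "eni-0002", "SubnetId": "subnet-pub-b", "RequesterId": "amazon-elb",
   "Description": "ELB LAMP-Prod", "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.2.203"}]},
  {"NetworkInterfaceId": "eni-0003", "SubnetId": "subnet-pub-a", "RequesterId": "amazon-elb",
   "Description": "ELB LAMP-Prod-Staging", "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.1.90"}]},
  {"NetworkInterfaceId": "eni-0004", "SubnetId": "subnet-priv-a",
   "Description": "Primary network interface", "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.11.5"}]}
]}
""")


def elb_private_ips(response, elb_name, subnet_id=None):
    """Private IPs of the interfaces created for one ELB, optionally in one subnet."""
    ips = set()
    for eni in response.get("NetworkInterfaces", []):
        # Exact matches only: a substring match would also trust "LAMP-Prod-Staging".
        if eni.get("RequesterId") != "amazon-elb":
            continue
        if eni.get("Description") != f"ELB {elb_name}":
            continue
        if subnet_id is not None and eni.get("SubnetId") != subnet_id:
            continue
        for addr in eni.get("PrivateIpAddresses", []):
            ips.add(ipaddress.ip_address(addr["PrivateIpAddress"]))  # ValueError on junk
    return [str(ip) for ip in sorted(ips)]


def rpaf_config(proxy_ips):
    """Render mod_rpaf 0.6 directives (assumed names); never emit an empty trust list."""
    if not proxy_ips:
        raise ValueError("no ELB interfaces found; refusing to write an empty proxy list")
    return "\n".join([
        "RPAFenable On",
        "RPAFheader X-Forwarded-For",
        "RPAFproxy_ips " + " ".join(proxy_ips),
    ]) + "\n"


if __name__ == "__main__":
    print(rpaf_config(elb_private_ips(SAMPLE, "LAMP-Prod")))
```

Every address on the RPAFproxy_ips line is allowed to set the logged client IP through X-Forwarded-For, so the list should hold only the ELB's own interfaces and be regenerated whenever those interfaces change.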

Unfortunately not. I've gone back and forth with our AWS solutions engineer on this and currently there's no way to query the internal IPs for an ELB. I'm currently scraping log files to find them.

Jason Floyd