
I have a private subnet and a NAT gateway connected to it. The NAT gateway has its own primary public IPv4 address, assigned by default at creation.

I have an EC2 instance inside the private subnet which is trying to connect to a 3rd-party service provider to get some data, and our IP address needs to be whitelisted in their systems. For that I have already created an Elastic IP and had it whitelisted with the 3rd-party service provider.

Since the NAT gateway created its own primary public IPv4 address, is it possible to remove that and add the whitelisted IP address to the NAT gateway?

2 Answers


  1. Yes.

    You should detach the Elastic IP address from the Amazon EC2 instance. Then, attach the Elastic IP address to the NAT Gateway.

    You can also use associate-nat-gateway-address — AWS CLI Command Reference to associate an Elastic IP address to a NAT Gateway.

    Worst case, delete the NAT Gateway and create it again. During the configuration, make sure you select the Elastic IP address that has been whitelisted.

    The traffic from your Amazon EC2 instance will then go through the NAT Gateway. When the traffic goes from the NAT Gateway to the Internet, it will be coming from the Elastic IP address.

  2. You have one of 2 options:

    • You can create a new NAT gateway: when you create the NATGW, you have the option to choose a specific EIP allocation, so you can use the EIP you whitelisted at the other end.

    • (If deleting and recreating is not an option): you can add a secondary IP to your NATGW and associate it with the EIP you need. In that case, you will probably need to whitelist both IPs: the one created by default and the one you added. So basically, not what you need, as you would need to whitelist the original one as well.

    Note: if you try to go to the ENI associated with your NATGW and disassociate the original default public IP (to associate yours next), it will fail. I don’t think that is allowed: I created a test NATGW and tried; I was told I don’t have access to do so, though I am admin. This probably means that changing the primary public IP address associated with your NATGW is not a possible operation, while you can add a secondary one if you want.

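As an added example (not code from either answer), the check-and-associate step both answers describe, written against the boto3 EC2 client method names describe_nat_gateways and associate_nat_gateway_address; the client is passed in, and the StubEc2 class, its allocation IDs and its IP addresses are constructed stand-ins so the code runs offline. It also returns every public IP the gateway can egress from, which is the set the second answer says must all be whitelisted.

```python
def nat_gateway_egress_ips(ec2, nat_gateway_id, wanted_allocation_id):
    """Ensure the EIP allocation is attached to the NAT Gateway and return
    every public IP the gateway can egress from (all must be allowlisted).

    The primary public IPv4 cannot be replaced in place, so a missing EIP
    is added as a secondary address via associate_nat_gateway_address.
    """
    resp = ec2.describe_nat_gateways(NatGatewayIds=[nat_gateway_id])
    addresses = resp["NatGateways"][0]["NatGatewayAddresses"]
    if not any(a.get("AllocationId") == wanted_allocation_id for a in addresses):
        ec2.associate_nat_gateway_address(
            NatGatewayId=nat_gateway_id, AllocationIds=[wanted_allocation_id]
        )
        # Re-read so the returned list reflects the new association.
        resp = ec2.describe_nat_gateways(NatGatewayIds=[nat_gateway_id])
        addresses = resp["NatGateways"][0]["NatGatewayAddresses"]
    return sorted(a["PublicIp"] for a in addresses)


class StubEc2:
    """Constructed stand-in for boto3.client("ec2"); IDs and IPs are made up."""

    def __init__(self):
        # The address the NAT Gateway got by default at creation.
        self.addresses = [{"AllocationId": "eipalloc-default",
                           "PublicIp": "203.0.113.10", "IsPrimary": True}]
        self.calls = []

    def describe_nat_gateways(self, NatGatewayIds):
        return {"NatGateways": [{"NatGatewayId": NatGatewayIds[0],
                                 "NatGatewayAddresses": list(self.addresses)}]}

    def associate_nat_gateway_address(self, NatGatewayId, AllocationIds):
        self.calls.append((NatGatewayId, tuple(AllocationIds)))
        for alloc in AllocationIds:  # secondary addresses never become primary
            self.addresses.append({"AllocationId": alloc,
                                   "PublicIp": "198.51.100.7", "IsPrimary": False})
        return {}


if __name__ == "__main__":
    # Against AWS: import boto3; ec2 = boto3.client("ec2"); ids from the console.
    stub = StubEc2()
    print(nat_gateway_egress_ips(stub, "nat-EXAMPLE", "eipalloc-whitelisted"))
```

Running it against a real client needs ec2:DescribeNatGateways and ec2:AssociateNatGatewayAddress permissions; the returned list is what to compare against the third party's allowlist.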