
Given the following scenario:

  • One EC2 instance containing an app A that acts as publisher.
  • N EC2 instances containing an app B that acts as subscriber.

and

  • Neither app A nor app B can be exposed on the Internet (both are internal).
  • Apps B can be in multiple regions.

What is the AWS service used for this pub/sub pattern?
I am having issues with the subscription part. I would like to use AWS SNS HTTP/HTTPS subscriptions, but internal addresses are not accepted (only public addresses).

About the following article:

https://aws.amazon.com/premiumsupport/knowledge-center/sns-subscribe-private-http-endpoint/

I cannot create one AWS Lambda function per subscriber, and to avoid that I would need to maintain a registry of every subscriber's internal address in my Lambda function in order to route traffic to every subscriber, which is in fact a pub/sub pattern inside my Lambda function, and I don't think that is a good solution.

2 Answers

  1. If you connect to SNS via VPC endpoint you won’t traverse the Internet. SNS is a great solution for your use case.

    How to connect SNS

    This diagram shows a VPC that contains an Amazon EC2 instance. The instance connects to Amazon SNS through an interface VPC endpoint. This type of endpoint connects to services that are powered by AWS PrivateLink. With this connection established, you can log in to the Amazon EC2 instance and publish messages to the Amazon SNS topic, even though the network is disconnected from the public internet.

    As for the subscription, if you can’t use HTTP/S protocol you can utilize a Lambda or an SQS queue as a subscriber to SNS and pull from (in case of SQS) or push to (in case of Lambda) the receiving EC2.

  2. You could just write one AWS Lambda function that calls describe_instances() and filters by the Auto-Scaling Group identifier.

    Then, it could loop through the list of instances and send an HTTP request to the IP address of each instance.

    This is simpler than using Amazon SNS because instances do not need to ‘register’ to receive a message. The mere fact that they belong to the Auto Scaling Group means they will be sent the message.

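As an added example (not the answerer's code), this is what the Lambda described in answer 2 could look like. The point worth seeing in code is the target selection: only instances that carry the Auto Scaling group tag and are in the running state are contacted, so a stale or unrelated private IP in the describe_instances output is never posted to, and a single unreachable subscriber does not block delivery to the others. The group name, the port 8080 and the /notify path are assumptions, and the describe_instances excerpt is constructed.

```python
import json
import urllib.request

ASG_TAG = "aws:autoscaling:groupName"  # tag Auto Scaling attaches to its instances
ASG_NAME = "app-b-subscribers"         # assumed group name, not from the page

def select_targets(describe_response, asg_name=ASG_NAME):
    """Private IPs of *running* members of asg_name; tag and state are both checked."""
    targets = []
    for reservation in describe_response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            if tags.get(ASG_TAG) != asg_name or inst.get("State", {}).get("Name") != "running":
                continue
            if inst.get("PrivateIpAddress"):
                targets.append(inst["PrivateIpAddress"])
    return sorted(targets)

def fan_out(targets, payload, send):
    """POST payload to each target via send(url, body); returns the targets that failed."""
    body = json.dumps(payload).encode()
    failed = []
    for ip in targets:
        try:
            send(f"http://{ip}:8080/notify", body)  # port and path are assumptions
        except Exception:
            failed.append(ip)  # one unhealthy subscriber must not stop the rest
    return failed

def http_send(url, body):
    req = urllib.request.Request(url, data=body, headers={"Content-Type": "application/json"})
    urllib.request.urlopen(req, timeout=3).close()  # short timeout: a private IP may be stale

def lambda_handler(event, context):
    import boto3  # lazy import so the module also loads outside Lambda
    pages = boto3.client("ec2").get_paginator("describe_instances").paginate(
        Filters=[{"Name": f"tag:{ASG_TAG}", "Values": [ASG_NAME]}])
    response = {"Reservations": [r for p in pages for r in p["Reservations"]]}
    return {"failed": fan_out(select_targets(response), event, http_send)}

# Constructed describe_instances excerpt: one running member, one terminated, one foreign.
SAMPLE_RESPONSE = {"Reservations": [{"Instances": [
    {"PrivateIpAddress": "10.0.1.10", "State": {"Name": "running"},
     "Tags": [{"Key": ASG_TAG, "Value": ASG_NAME}]},
    {"PrivateIpAddress": "10.0.1.11", "State": {"Name": "terminated"},
     "Tags": [{"Key": ASG_TAG, "Value": ASG_NAME}]},
    {"PrivateIpAddress": "10.0.2.5", "State": {"Name": "running"},
     "Tags": [{"Key": ASG_TAG, "Value": "other-group"}]},
]}]}
```

The Lambda must run inside the VPC (or a peered one) to reach those private IPs, and its role needs only ec2:DescribeInstances.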