
We have 10 instances on which we deployed the app using AWS ECS and ELB.

For security reasons, the API allows requests only from specific whitelisted IP addresses.

So we are planning to pass the requests through a proxy.

How do we route an API request through a proxy?

We are using nginx.

Any specific way to route an API request through a proxy will be helpful.

2 Answers


  1. You won’t need NGINX as a proxy for this use case; I’d propose looking into AWS NAT Gateways. NAT Gateway is a highly available AWS managed service that makes it easy to connect to the Internet from instances within a private subnet in an Amazon Virtual Private Cloud (Amazon VPC). It’s the perfect place to provide a static IP to all your subnet’s outbound traffic.

    You need to provide a NAT Gateway with a static IP (Elastic IP) for your cluster’s outbound traffic. This will allow your different tasks running inside your ECS cluster’s private subnets to look like a single requesting entity from an outsider’s POV (in your case, the 3rd party API is the outsider). To achieve this, you will have to:

    • Create 2 route tables (1 for private subnets, 1 for public subnets)
    • Internet gateway on the public subnet
    • Elastic IP address
    • Create a NAT Gateway and attach the elastic IP to it (This will be the IP whitelisted to the 3rd party API)
    • Ensure that all your tasks are running inside private subnets of the VPC
    • Add a rule in your route table for your private subnets that redirects outbound 0.0.0.0/0 to the NAT Gateway.
    • Add a rule in your route table for your public subnets that redirects outbound traffic 0.0.0.0/0 to the internet gateway.
  2. You should consider using a NAT Gateway instead. I am assuming you already have all your containers in a VPC, so you can create a new NAT Gateway within this VPC itself.

    You can refer to the articles attached below to do this:

    1. https://docs.aws.amazon.com/appstream2/latest/developerguide/add-nat-gateway-existing-vpc.html

    2. https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html

    Note: NAT Gateways have a price associated with them.

    If needed, you can use the elastic IP provided by NAT Gateways on your lambdas as well.

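Once the route tables from the answers above are in place, it is worth confirming that every subnet running ECS tasks really leaves through the NAT Gateway, since a subnet with no explicit route table association silently uses the VPC's main route table. The following is an added example, not code from either answer; the function names, subnet IDs and route table data are constructed, with the data shaped like the `RouteTables` list returned by `aws ec2 describe-route-tables` for a single VPC.

```python
# Added example: sample data below is constructed, shaped like the
# "RouteTables" list from `aws ec2 describe-route-tables` for one VPC.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-public",
     "Associations": [{"Main": True}, {"Main": False, "SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"Main": False, "SubnetId": "subnet-private-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
]

def default_route_target(table):
    """Return 'nat', 'igw' or None for the table's 0.0.0.0/0 route."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State") == "blackhole":
            return None  # route target was deleted, traffic is dropped
        if route.get("NatGatewayId"):
            return "nat"
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw"
    return None

def table_for_subnet(route_tables, subnet_id):
    """An explicit association wins; otherwise the subnet uses the main table."""
    main = None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main

def audit_task_subnets(route_tables, task_subnets):
    """Map each task subnet that does NOT egress via a NAT Gateway to its path."""
    findings = {}
    for subnet_id in task_subnets:
        table = table_for_subnet(route_tables, subnet_id)
        target = default_route_target(table) if table else None
        if target != "nat":
            findings[subnet_id] = target or "no-default-route"
    return findings

if __name__ == "__main__":
    # subnet-private-b has no explicit association, so it inherits rtb-public.
    print(audit_task_subnets(SAMPLE_ROUTE_TABLES, ["subnet-private-a", "subnet-private-b"]))
```

An empty result means all listed task subnets send outbound traffic through the NAT Gateway and therefore appear to the third-party API as the whitelisted Elastic IP.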