Assigning Static IP Address to AWS Load Balancer

Tags: Amazon Web-Services, Amazon Ec2, Amazon Elb, Amazon Vpc

Amazon Web-Services Problem Overview


How can I assign a static IP address to an ELB? Seems like I cannot.

Some articles online ask to create a Route 53 record, but this requires changing the CNAME of the domain, which also redirects email traffic. I just want to change the A record, not the CNAME.

Some articles also mention that I can use an EC2 instance as a reverse proxy. But will a single proxy be able to handle a lot of traffic?

Any solution for this?

Amazon Web-Services Solutions


Solution 1 - Amazon Web-Services

AWS' Elastic Load Balancer is actually elastic on two levels as described here: http://shlomoswidler.com/2009/07/elastic-in-elastic-load-balancing-elb.html

The first level is the load balancer itself. In order to make sure that ELB can scale to whatever volume you have and burst to whatever volume you suddenly encounter, AWS assigns a 'static' DNS hostname (e.g. MyDomainELB-918273645.us-east-1.elb.amazonaws.com). That hostname points to multiple IP addresses. You can see that (from a command line) by running

$ host MyDomainELB-918273645.us-east-1.elb.amazonaws.com
MyDomainELB-918273645.us-east-1.elb.amazonaws.com 172.31.7.2
MyDomainELB-918273645.us-east-1.elb.amazonaws.com 172.31.11.33

The second form of elasticity within the ELB is obviously then ELB directing the query to one of your EC2 instances in the pool.

So, you can see that trying to assign a static IP address to the load balancer would be self-defeating.

Using an EC2 instance as a reverse proxy would also seem self-defeating as you would then create a bottleneck before even getting to the ELB. Might as well just create your own load balancer.

The recommended solution (which you've pointed out) is to create a CNAME that points to the ELB hostname (which won't change).

> i.e. my-app.mycompany.com -> MyDomainELB-918273645.us-east-1.elb.amazonaws.com

This would allow you to integrate your scalable application, behind the ELB within your domain.

I'm not sure I fully understand why you cannot create a CNAME in your DNS or what that has to do with directing email traffic, can you explain?
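The answer's point is that the ELB hostname fronts a changing set of addresses, so anything pinned to a single IP (a firewall allowlist, a hard-coded A record) silently drifts. The following is an added example, not part of the answer or of any AWS code: it resolves the hostname the answer uses, records how the answer set changes across repeated lookups, and reports what a stale allowlist would now block. The `MyDomainELB-918273645...` name is the one quoted above; every address set below is constructed for the demo, and the fake resolver only mimics the real system resolver's shape.

```python
import socket
from typing import Callable, Dict, Iterable, Set

# Hostname quoted in the answer above; the address sets used in the demo are constructed.
ELB_HOSTNAME = "MyDomainELB-918273645.us-east-1.elb.amazonaws.com"


def resolve_ipv4(hostname: str, resolver: Callable = socket.getaddrinfo) -> Set[str]:
    """Return the set of IPv4 addresses the hostname currently resolves to.

    `resolver` defaults to the system resolver (what `host` uses); offline runs and
    tests pass a fake with the same (host, port, family) call shape.
    """
    return {info[4][0] for info in resolver(hostname, None, socket.AF_INET)}


def observe_rotation(hostname: str, rounds: int,
                     resolver: Callable = socket.getaddrinfo) -> Dict[str, object]:
    """Resolve `rounds` times; report every address seen and how many distinct answers came back."""
    seen: Set[str] = set()
    distinct_answers = set()
    for _ in range(rounds):
        answer = frozenset(resolve_ipv4(hostname, resolver))
        distinct_answers.add(answer)
        seen |= answer
    return {"all_addresses": sorted(seen), "distinct_answers": len(distinct_answers)}


def allowlist_drift(allowlisted: Iterable[str], current: Iterable[str]) -> Dict[str, object]:
    """Compare an allowlist built from an old snapshot against the live DNS answer."""
    allowlisted, current = set(allowlisted), set(current)
    return {
        # Live ELB nodes a strict allowlist would block right now
        "blocked": sorted(current - allowlisted),
        # Entries that no longer belong to this ELB (and may since have been handed to someone else)
        "stale": sorted(allowlisted - current),
        "ok": not (current - allowlisted),
    }


if __name__ == "__main__":
    # Constructed fake resolver: alternates between two answers to mimic ELB scaling events.
    answers = [["172.31.7.2", "172.31.11.33"], ["172.31.11.33", "172.31.40.5"]]
    calls = {"n": 0}

    def fake_resolver(host, port, family):
        ips = answers[calls["n"] % len(answers)]
        calls["n"] += 1
        return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (ip, 0)) for ip in ips]

    print(observe_rotation(ELB_HOSTNAME, 4, fake_resolver))
    print(allowlist_drift(["172.31.7.2", "172.31.11.33"], resolve_ipv4(ELB_HOSTNAME, fake_resolver)))
```

Run against a real ELB name with the default resolver, `observe_rotation` over a few minutes is the quickest way to show a customer why an IP-based allowlist of an ELB cannot be kept correct by hand; `allowlist_drift` is the check to schedule if one exists anyway.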

Solution 2 - Amazon Web-Services

A new feature in AWS (I believe it was announced at Re:Invent 2017) allows for static IPs with Network Load Balancers (NLB). NLB can only handle layer 4 (TCP) and not HTTP specifics (layer 7).

You can assign one Elastic IP address per availability zone.

For details see the AWS blog post or the NLB documentation.

The "Classic Load Balancer" and "Application Load Balancer" do not support static IPs. If you need a feature only provided by those, you have to fall back to the CNAME solution described above.

Solution 3 - Amazon Web-Services

A blog post was recently published by AWS support on this topic, leveraging an NLB to provide static IPs to Classic and Application Load Balancers - https://aws.amazon.com/blogs/networking-and-content-delivery/using-static-ip-addresses-for-application-load-balancers/

Summary of the solution as described by the post:

> We end up with a TCP listener on a NLB that accepts traffic and forwards it to an internal ALB. The ALB terminates TLS, examines HTTP headers, and routes requests based on your configured rules to target groups with your instances, servers, or containers. The AWS Lambda function keeps everything in sync by watching the ALB for IP address changes and updating the NLB target group. In the end we’ll have a few static IP addresses that are easy for whitelisting, and we won’t lose any of the benefits of ALB. Note that we will be sending all of the traffic through two load balancers
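The moving part in that design is the Lambda function that keeps the NLB's target group equal to the ALB's current node addresses. The block below is an added example of that sync logic, written for this page; it is not the code from the AWS blog post. It assumes an internal ALB in the same VPC as the NLB, an NLB target group of target type `ip`, and the boto3 `elbv2` client calls `describe_target_health`, `register_targets` and `deregister_targets`. The ALB DNS name and target group ARN are placeholders, and `FakeElbv2` is a constructed stand-in so the block runs offline.

```python
import socket
from typing import Callable, Dict, List, Set

# Placeholder values, constructed for the example: substitute your own ALB name and target group ARN.
ALB_DNS_NAME = "internal-my-alb-123456789.us-east-1.elb.amazonaws.com"
NLB_TARGET_GROUP_ARN = "arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/alb-ips/0123456789abcdef"
TARGET_PORT = 443


def resolve_alb_ips(dns_name: str, resolver: Callable = socket.getaddrinfo) -> Set[str]:
    """Current IPv4 addresses of the ALB nodes; these are what the NLB must forward to."""
    return {info[4][0] for info in resolver(dns_name, None, socket.AF_INET)}


def registered_targets(elbv2, target_group_arn: str) -> Set[str]:
    """IP targets currently registered in the NLB's ip-type target group."""
    resp = elbv2.describe_target_health(TargetGroupArn=target_group_arn)
    return {d["Target"]["Id"] for d in resp["TargetHealthDescriptions"]}


def plan_changes(desired: Set[str], registered: Set[str]) -> Dict[str, List[str]]:
    return {"register": sorted(desired - registered), "deregister": sorted(registered - desired)}


def sync_target_group(elbv2, dns_name: str, target_group_arn: str, port: int,
                      resolver: Callable = socket.getaddrinfo) -> Dict[str, List[str]]:
    desired = resolve_alb_ips(dns_name, resolver)
    if not desired:
        # A transient resolver failure must not empty the target group: that would black-hole the NLB.
        raise RuntimeError("ALB name resolved to no addresses; leaving target group unchanged")
    plan = plan_changes(desired, registered_targets(elbv2, target_group_arn))
    # Register first, deregister second, so there is never a moment with zero targets.
    if plan["register"]:
        elbv2.register_targets(TargetGroupArn=target_group_arn,
                               Targets=[{"Id": ip, "Port": port} for ip in plan["register"]])
    if plan["deregister"]:
        elbv2.deregister_targets(TargetGroupArn=target_group_arn,
                                 Targets=[{"Id": ip, "Port": port} for ip in plan["deregister"]])
    return plan


def lambda_handler(event, context):
    """Entry point when run on a schedule in Lambda (needs IAM rights on the target group)."""
    import boto3  # present in the Lambda runtime; imported here so the rest of the file runs offline
    return sync_target_group(boto3.client("elbv2"), ALB_DNS_NAME, NLB_TARGET_GROUP_ARN, TARGET_PORT)


class FakeElbv2:
    """Constructed stand-in for boto3's elbv2 client, used for offline runs and tests."""

    def __init__(self, existing: List[str]):
        self.existing = set(existing)
        self.calls: List = []

    def describe_target_health(self, TargetGroupArn):
        return {"TargetHealthDescriptions": [{"Target": {"Id": ip, "Port": TARGET_PORT}}
                                             for ip in sorted(self.existing)]}

    def register_targets(self, TargetGroupArn, Targets):
        ids = [t["Id"] for t in Targets]
        self.existing.update(ids)
        self.calls.append(("register", ids))

    def deregister_targets(self, TargetGroupArn, Targets):
        ids = [t["Id"] for t in Targets]
        self.existing.difference_update(ids)
        self.calls.append(("deregister", ids))


if __name__ == "__main__":
    fake_dns = lambda host, port, family: [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (ip, 0))
                                           for ip in ("10.0.1.10", "10.0.2.20")]
    client = FakeElbv2(["10.0.1.10", "10.0.9.99"])  # one current node, one the ALB has since dropped
    print(sync_target_group(client, ALB_DNS_NAME, NLB_TARGET_GROUP_ARN, TARGET_PORT, fake_dns))
    print(client.calls)
```

Two design choices matter operationally: the function refuses to act on an empty DNS answer, and it always registers new addresses before deregistering old ones. Either shortcut turns a DNS hiccup into an outage behind the static IPs.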

Solution 4 - Amazon Web-Services

I found setting up AWS Global Accelerator very straightforward and simple. It created 2 static IP addresses and a static DNS name pointing to my Application Load Balancer.

Configuring Global Accelerator

  1. Set listeners as TCP port 80, 443

  2. Select your load balancer endpoint (AWS Global Accelerator Configuration)

  3. Add a CNAME record for your DNS pointing to the static DNS name it created (mywebsite.com > globalacceleratorDNS.com). If any client needs to whitelist, give them the 2 static IPs it created

Pricing is $18 per month + a few pennies per GB of data transfer. I'm pretty sure it's cheaper than the NLB, NAT Gateway, Elastic IP setup.

https://docs.aws.amazon.com/global-accelerator/latest/dg/about-accelerators.html
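The three console steps above map onto three Global Accelerator API calls. The block below is an added example that scripts them; it is not code from the answer or from AWS. It assumes the boto3 `globalaccelerator` client (which must be created in `us-west-2`, whatever region the ALB lives in) and its `create_accelerator`, `create_listener` and `create_endpoint_group` calls; the ALB ARN, region and accelerator name are placeholders, and `FakeGlobalAccelerator` is a constructed stand-in so the block runs offline. The returned static IPs are what you hand to a client who allowlists, and the returned DNS name is what the CNAME in step 3 points at.

```python
import uuid
from typing import Dict, List, Tuple

# Placeholder ALB ARN and region, constructed for the example: substitute your own.
ALB_ARN = "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/my-alb/0123456789abcdef"
ALB_REGION = "us-east-1"
LISTENER_PORTS: Tuple[int, ...] = (80, 443)  # step 1 of the answer: TCP 80 and 443


def create_accelerator_for_alb(ga, name: str, alb_arn: str, alb_region: str,
                               ports: Tuple[int, ...] = LISTENER_PORTS) -> Dict[str, object]:
    """Steps 1 and 2 as API calls: accelerator, TCP listener on `ports`, endpoint group with the ALB.

    Returns the accelerator's static DNS name (CNAME target for step 3) and its static IPs.
    """
    acc = ga.create_accelerator(Name=name, IpAddressType="IPV4", Enabled=True,
                                IdempotencyToken=str(uuid.uuid4()))["Accelerator"]
    listener = ga.create_listener(AcceleratorArn=acc["AcceleratorArn"], Protocol="TCP",
                                  PortRanges=[{"FromPort": p, "ToPort": p} for p in ports],
                                  IdempotencyToken=str(uuid.uuid4()))["Listener"]
    ga.create_endpoint_group(ListenerArn=listener["ListenerArn"], EndpointGroupRegion=alb_region,
                             EndpointConfigurations=[{"EndpointId": alb_arn, "Weight": 128,
                                                      # keep the real client IP visible to the ALB's logs and rules
                                                      "ClientIPPreservationEnabled": True}],
                             IdempotencyToken=str(uuid.uuid4()))
    static_ips = [ip for ip_set in acc["IpSets"] for ip in ip_set["IpAddresses"]]
    return {"dns_name": acc["DnsName"], "static_ips": static_ips, "listener_arn": listener["ListenerArn"]}


class FakeGlobalAccelerator:
    """Constructed stand-in for boto3.client("globalaccelerator"); records the calls it receives."""

    def __init__(self):
        self.calls: List[Tuple[str, Dict]] = []

    def create_accelerator(self, **kw):
        self.calls.append(("create_accelerator", kw))
        return {"Accelerator": {"AcceleratorArn": "arn:aws:globalaccelerator::123456789012:accelerator/fake",
                                "DnsName": "a1234567890abcdef.awsglobalaccelerator.com",
                                "IpSets": [{"IpFamily": "IPv4",
                                            "IpAddresses": ["198.51.100.10", "198.51.100.20"]}]}}

    def create_listener(self, **kw):
        self.calls.append(("create_listener", kw))
        return {"Listener": {"ListenerArn": kw["AcceleratorArn"] + "/listener/fake"}}

    def create_endpoint_group(self, **kw):
        self.calls.append(("create_endpoint_group", kw))
        return {"EndpointGroup": {"EndpointGroupArn": kw["ListenerArn"] + "/endpoint-group/fake"}}


if __name__ == "__main__":
    # Real use: import boto3; ga = boto3.client("globalaccelerator", region_name="us-west-2")
    ga = FakeGlobalAccelerator()
    print(create_accelerator_for_alb(ga, "my-app-accelerator", ALB_ARN, ALB_REGION))
```

Because the IPs are allocated at accelerator creation and stay with it for its lifetime, deleting and recreating the accelerator is the one operation that invalidates every client allowlist; treat that as a change-controlled event.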

Solution 5 - Amazon Web-Services

Unlike the Network Load Balancer, the Application Load Balancer (ALB) does not support Elastic IPs, but that's not the worst part. If you use Route 53 together with the ALB, the DNS automatically sets the TTL to 60 seconds. This appears to be causing problems for our institutional - mainly government - customers running older Windows DNS servers. They just can't keep up with the ALB's Listener changing its public-facing IP on such a short notice. Older DNS infrastructure is either not respecting or is not capable of handling such aggressive TTL.

While I don't like it, AWS recommends putting a Network Load Balancer in front of the Application Load Balancer, per here: https://aws.amazon.com/blogs/networking-and-content-delivery/using-static-ip-addresses-for-application-load-balancers/

Solution 6 - Amazon Web-Services

For low traffic, it might be a solution to set up an EC2 instance running Nginx as a forwarding proxy.

So you can use the EC2 instance's static IP address to forward your traffic, resolving the ALB's DNS name.

However, it's kind of a hack, but using a Global Accelerator or an NLB seems to me also like a hack :-)

Attributions

All content for this solution is sourced from the original question on Stack Overflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content Type                     | Original Author | Original Content on Stack Overflow
Question                         | Narayan Prusty  | View Question on Stack Overflow
Solution 1 - Amazon Web-Services | Brooks          | View Answer on Stack Overflow
Solution 2 - Amazon Web-Services | Bernhard        | View Answer on Stack Overflow
Solution 3 - Amazon Web-Services | Aditya          | View Answer on Stack Overflow
Solution 4 - Amazon Web-Services | C Rudolph       | View Answer on Stack Overflow
Solution 5 - Amazon Web-Services | Slawomir        | View Answer on Stack Overflow
Solution 6 - Amazon Web-Services | Stefan M        | View Answer on Stack Overflow