52

How can I assign a static IP address to an ELB? Seems like I cannot.

Some articles online ask to create a Route 53 record, but this requires changing the CNAME of the domain, which also redirects email traffic. I just want to change the A record, not the CNAME.

Some articles also mention that I can use an EC2 instance as a reverse proxy. But will a single proxy be able to handle a lot of traffic?

Any solution for this?

Narayan Prusty
    Possible duplicate of [AWS Load Balancer with a static IP address](http://stackoverflow.com/questions/13767349/aws-load-balancer-with-a-static-ip-address) – Volkan Paksoy Feb 10 '16 at 13:11
  • AWS has [announced a Network Load Balancer](https://aws.amazon.com/blogs/aws/new-network-load-balancer-effortless-scaling-to-millions-of-requests-per-second/) that supports assigning static IPs (EIPs). It operates at the TCP level so you won't be able to use layer 7 features like ELB stickiness or ssl termination – Patrick Sep 11 '17 at 22:07
  • Please see response below. The problem is you need to change Paradigms. AWS is not a Data Center and it shouldn't be treated like so, you have to change the way you look at it in order to know its limitations and WHY they're there. They usually bend to customer's will, and have with the NLB but the idea of the cloud is to be as flexible and decoupled as you can. – eco Aug 23 '18 at 19:14

5 Answers

57

AWS' Elastic Load Balancer is actually elastic on two levels as described here: http://shlomoswidler.com/2009/07/elastic-in-elastic-load-balancing-elb.html

The first level is the load balancer itself. In order to make sure that ELB can scale to whatever volume you have and burst to whatever volume you suddenly encounter, AWS assigns a 'static' DNS hostname (e.g. MyDomainELB-918273645.us-east-1.elb.amazonaws.com). That hostname points to multiple IP addresses. You can see that (from a command line) by running

$ host MyDomainELB-918273645.us-east-1.elb.amazonaws.com
MyDomainELB-918273645.us-east-1.elb.amazonaws.com 172.31.7.2
MyDomainELB-918273645.us-east-1.elb.amazonaws.com 172.31.11.33

The second form of elasticity within the ELB is obviously then ELB directing the query to one of your EC2 instances in the pool.

So, you can see that trying to assign a static IP address to the load balancer would be self-defeating.

Using an EC2 instance as a reverse proxy would also seem self-defeating as you would then create a bottleneck before even getting to the ELB. Might as well just create your own load balancer.

The recommended solution (which you've pointed out) is to create a CNAME that points to the ELB hostname (which won't change).

i.e. my-app.mycompany.com -> MyDomainELB-918273645.us-east-1.elb.amazonaws.com

This would allow you to integrate your scalable application, behind the ELB within your domain.

I'm not sure I fully understand why you cannot create a CNAME in your DNS or what that has to do with directing email traffic, can you explain?

Brooks
  • If I change CNAME then my email traffic also directs to AWS. I don't want that. My domain name is registered in 1and1. If I change CNAME then my 1and1 mail is not working. Please help – Narayan Prusty Feb 10 '16 at 14:29
  • You can't simply ADD a CNAME? You only get 1 CNAME? That's not why it's called 1and1, is it? – Brooks Feb 10 '16 at 14:39
  • CNAME is only for subdomains. What about the main domain? How can I point example.com to a load balancer? – Narayan Prusty Feb 10 '16 at 14:47
  • Well, I am not a DNS guru, but if I am not mistaken, the 'www' from www.example.com is a CNAME, so you could simply point 'www' to the ELB. If 1and1 allows a small webhosting package, you could then write a simple html page to forward visitors from http://example.com to http://www.example.com, thus sending them to your ELB. – Brooks Feb 10 '16 at 14:54
  • Also, if I'm not mistaken, MX records are for email routing. Can't you use your MX records to direct email completely independent of where your domain points? For example, I have my domain parked, so the root domain doesn't actually bring you anywhere, but I have multiple CNAMEs and my MX records which then point to a completely separate, 3rd party email hosting provider (Zoho). Again, I'm not a DNS expert, but I feel like this is an easily solved problem... – Brooks Feb 10 '16 at 15:01
  • Thanks for the help @Brooks. Seems like this is the only solution. – Narayan Prusty Feb 10 '16 at 15:06
  • Just to be clear: It does make sense to have elastic IP addresses on a Load Balancer. It also can make sense to only have one static IP address on a Load Balancer. AWS doesn't support it but they could, in theory, add a feature where you would add a group of IP addresses onto your load balancer. – sigi Aug 31 '17 at 10:53
  • Perhaps, but for what purpose? What value (other than converting a static host name into a static IP) would it serve to point an EIP to an ELB? – Brooks Aug 31 '17 at 11:00
  • You can also use an A record with type "Alias" to point to an ELB. This works for example.com and subdomain.example.com. For those curious, a static IP on an NLB is possible. It's useful for services which do not do a DNS lookup on each query, but only do the DNS lookup once at startup or first usage, or for something like an nginx proxy, which, once a connection is lost, never re-examines the IP. – nelsonenzo Apr 09 '18 at 19:53
  • This is what happens when people think the Cloud is nothing but an externally managed data center with direct-to-metal hardware... Using the right tool for the right job is where it's at. – eco Aug 23 '18 at 19:13
  • NLB does allow static IP addresses, so static IP is not connected to ELB elasticity (i.e. "first level"). Right? – theaws.blog May 05 '19 at 04:55
  • @Brooks I have a question here. Whenever we stop/start a load balancer, it will create a new hostname, so if we point the CNAME to the load balancer's hostname, do we have to keep updating it all the time? – Hieu Le Sep 11 '20 at 09:18
  • @HieuLe It's been a while since I've worked with ELB, so I can't say for sure, but I doubt it. You point the CNAME to the load balancer itself, not the host and. – Brooks Sep 11 '20 at 10:42
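The DNS layout Brooks and nelsonenzo describe above, written out as an added CloudFormation example (it is not part of the thread): an Alias A record at the apex and a plain CNAME for www, both pointing at the ELB hostname from the answer, with the MX records left pointing at the existing mail provider so that web traffic and mail routing stay independent. It assumes the zone for example.com is hosted in Route 53; the hosted zone ID, the ELB's canonical hosted zone ID and the mx1/mx2 hostnames are placeholders.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Added example, not from the Stack Overflow thread: point the apex and www
  at an ELB without touching the MX records that route mail.

Parameters:
  HostedZoneId:
    Type: AWS::Route53::HostedZone::Id   # placeholder: the Route 53 zone for example.com
  DomainName:
    Type: String
    Default: example.com
  ElbDnsName:
    Type: String
    Default: MyDomainELB-918273645.us-east-1.elb.amazonaws.com   # hostname used in the answer
  ElbCanonicalHostedZoneId:
    Type: String
    # placeholder: read it from the load balancer itself, e.g.
    #   aws elb describe-load-balancers --query 'LoadBalancerDescriptions[].CanonicalHostedZoneNameID'
    # (Classic ELB) or the CanonicalHostedZoneId field of describe-load-balancers in elbv2.

Resources:
  # The apex (example.com) cannot carry a CNAME, so a Route 53 Alias A record is
  # used instead. Route 53 resolves the ELB hostname on every query, so the
  # answer keeps tracking whichever addresses the ELB currently has - no fixed IP
  # is ever written into the zone.
  ApexAlias:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref HostedZoneId
      Name: !Sub "${DomainName}."
      Type: A
      AliasTarget:
        DNSName: !Ref ElbDnsName
        HostedZoneId: !Ref ElbCanonicalHostedZoneId
        EvaluateTargetHealth: false

  # Subdomains can use an ordinary CNAME to the ELB hostname.
  WwwCname:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref HostedZoneId
      Name: !Sub "www.${DomainName}."
      Type: CNAME
      TTL: "300"
      ResourceRecords:
        - !Ref ElbDnsName

  # Mail is routed by MX records only. They live beside the A record at the apex
  # and are unaffected by where the A or CNAME records point.
  # mx1/mx2.mail-provider.example are constructed placeholders for the mail host's servers.
  MailExchangers:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref HostedZoneId
      Name: !Sub "${DomainName}."
      Type: MX
      TTL: "3600"
      ResourceRecords:
        - "10 mx1.mail-provider.example."
        - "20 mx2.mail-provider.example."
```

After deploying, `host example.com` and `host www.example.com` should return the ELB's current addresses, while `host -t MX example.com` still returns the mail provider's hosts; if the MX answer changes, the zone was edited at the wrong record, which is exactly the failure the question describes.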
13

A new feature in AWS (I believe it was announced at Re:Invent 2017) allows for static IPs with Network Load Balancers (NLB). NLB can only handle layer 4 (TCP) and not HTTP specifics (layer 7).

You can assign one Elastic IP address per availability zone.

For details see the AWS blog post or the NLB documentation.

The "Classic Load Balancer" and "Application Load Balancer" do not support static IPs. If you need a feature only provided by those, you have to fall back to the CNAME solution described above.

Bernhard
10

A blog was recently published by AWS support on this topic leveraging NLB to provide static IP to Classic and Application load balancer - https://aws.amazon.com/blogs/networking-and-content-delivery/using-static-ip-addresses-for-application-load-balancers/

Summary of the solution as described by the post:

We end up with a TCP listener on a NLB that accepts traffic and forwards it to an internal ALB. The ALB terminates TLS, examines HTTP headers, and routes requests based on your configured rules to target groups with your instances, servers, or containers. The AWS Lambda function keeps everything in sync by watching the ALB for IP address changes and updating the NLB target group. In the end we'll have a few static IP addresses that are easy for whitelisting, and we won't lose any of the benefits of ALB. Note that we will be sending all of the traffic through two load balancers.

Aditya
  • It gets deleted if the answer isn't edited to include relevant details. Far too often, links go dead, causing the once-useful answers to become very unhelpful. Since you've edited the post to include relevant details, all's fine! – Rob Apr 26 '18 at 01:03
  • The downside of this solution is that you lose direct access to the client IP address. – squiddle Jan 21 '19 at 20:20
  • @squiddle: NLB can be configured to use Proxy Protocol, which sends the client IP address to the target ([doc](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#proxy-protocol)). But the destination needs to be able to read it, like [Apache mod_remoteip](https://httpd.apache.org/docs/2.4/en/mod/mod_remoteip.html#remoteipproxyprotocol). Not sure that AWS ALB can read it. Other news is that NLB can now do TLS termination but let the destination receive the client IP ([blog](https://aws.amazon.com/blogs/aws/new-tls-termination-for-network-load-balancers/)). – Franck Apr 22 '19 at 18:11
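The NLB-in-front-of-ALB arrangement summarised above, together with the one-Elastic-IP-per-availability-zone rule from Bernhard's answer, as an added CloudFormation example; this is not the template from the AWS blog post. The post kept the NLB target group in step with the ALB's changing addresses with a Lambda function; AWS has since added the `alb` target type for NLB target groups, which registers the ALB itself as the target and needs no sync code, and the example uses that instead. The VPC, subnet and internal-ALB ARN parameters are placeholders, and the `/healthz` health-check path is an assumption about the application.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Added example, not the AWS blog's template: internet-facing NLB holding one
  Elastic IP per AZ, passing TCP/443 through to an internal ALB that terminates TLS.

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id            # placeholder: VPC that already holds the internal ALB
  PublicSubnetA:
    Type: AWS::EC2::Subnet::Id         # placeholder: public subnet in the first AZ
  PublicSubnetB:
    Type: AWS::EC2::Subnet::Id         # placeholder: public subnet in the second AZ
  InternalAlbArn:
    Type: String                       # placeholder: ARN of the existing internal ALB

Resources:
  # One Elastic IP per availability zone the NLB is placed in. These two
  # addresses are the only thing customers ever need to allowlist.
  EipA:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
  EipB:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc

  # SubnetMappings (rather than Subnets) is what lets you pin an EIP to each AZ.
  StaticIpNlb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: network
      Scheme: internet-facing
      SubnetMappings:
        - SubnetId: !Ref PublicSubnetA
          AllocationId: !GetAtt EipA.AllocationId
        - SubnetId: !Ref PublicSubnetB
          AllocationId: !GetAtt EipB.AllocationId

  # Target group whose single target is the internal ALB. Because the target
  # type is "alb", the NLB follows the ALB's address changes on its own; the
  # Lambda from the blog post is not needed.
  AlbTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      TargetType: alb
      Protocol: TCP
      Port: 443
      VpcId: !Ref VpcId
      HealthCheckProtocol: HTTPS
      HealthCheckPath: /healthz          # assumption: the application serves a health endpoint here
      Targets:
        - Id: !Ref InternalAlbArn
          Port: 443

  # Plain TCP listener: TLS is not terminated here, so the certificate, the
  # HTTP routing rules and any WAF stay on the ALB exactly as before.
  HttpsListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref StaticIpNlb
      Protocol: TCP
      Port: 443
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref AlbTargetGroup

Outputs:
  AllowlistIps:
    Description: The two fixed addresses to hand to customers that allowlist by IP
    Value: !Join [", ", [!Ref EipA, !Ref EipB]]
```

Two things to check after deployment: that the ALB's 443 listener still serves the certificate (the NLB only forwards bytes), and, following squiddle's and Franck's comments, what address the ALB's `X-Forwarded-For` header and access logs show for a request that came in through the NLB, since any rate limits, geo rules or incident timelines keyed on client IP depend on that answer.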
7

I found setting up AWS Global Accelerator very straight forward and simple. It created 2 static IP Addresses and a static DNS pointing to my Application load balancer.

Configuring Global Accelerator

  1. Set listeners as TCP port 80, 443

  2. Select your load balancer endpoint (AWS Global Accelerator Configuration)

  3. Add a CNAME record for your DNS pointing to the static DNS name it created (mywebsite.com > globalacceleratorDNS.com). If any client needs to whitelist, give them the 2 static IPs it created

Pricing is $18 per month + a few pennies per GB of data transfer. I'm pretty sure it's cheaper than the NLB, NAT Gateway, Elastic IP setup.

https://docs.aws.amazon.com/global-accelerator/latest/dg/about-accelerators.html

C Rudolph
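The three configuration steps above, as an added CloudFormation example that is not the answer's own setup: an accelerator with a TCP listener for ports 80 and 443, an endpoint group containing an existing ALB, and the CNAME from step 3. The ALB ARN, its region, the hosted zone ID and the `/healthz` path are placeholders or assumptions; `mywebsite.com` is the name the answer uses.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Added example, not from the answer: Global Accelerator in front of an existing
  Application Load Balancer, exposing two fixed anycast IPs for allowlisting.

Parameters:
  AlbArn:
    Type: String                         # placeholder: ARN of the existing ALB
  AlbRegion:
    Type: String
    Default: us-east-1                   # assumption: region the ALB lives in
  HostedZoneId:
    Type: AWS::Route53::HostedZone::Id   # placeholder: Route 53 zone for mywebsite.com

Resources:
  # The accelerator owns the two static IPs; they stay the same for as long as
  # this resource exists, whatever happens to the ALB behind it.
  Accelerator:
    Type: AWS::GlobalAccelerator::Accelerator
    Properties:
      Name: mywebsite-accelerator
      Enabled: true
      IpAddressType: IPV4

  # Step 1: TCP listeners on 80 and 443. Global Accelerator is a layer-4 service
  # like NLB, so TLS is still terminated on the ALB.
  TcpListener:
    Type: AWS::GlobalAccelerator::Listener
    Properties:
      AcceleratorArn: !Ref Accelerator
      Protocol: TCP
      ClientAffinity: NONE
      PortRanges:
        - FromPort: 80
          ToPort: 80
        - FromPort: 443
          ToPort: 443

  # Step 2: the load balancer endpoint. ClientIPPreservationEnabled keeps the
  # original client address visible to the ALB (and so in X-Forwarded-For).
  AlbEndpointGroup:
    Type: AWS::GlobalAccelerator::EndpointGroup
    Properties:
      ListenerArn: !Ref TcpListener
      EndpointGroupRegion: !Ref AlbRegion
      HealthCheckProtocol: HTTPS
      HealthCheckPath: /healthz          # assumption: the application's health endpoint
      EndpointConfigurations:
        - EndpointId: !Ref AlbArn
          Weight: 100
          ClientIPPreservationEnabled: true

  # Step 3: CNAME to the accelerator's DNS name. A CNAME is only valid on a
  # subdomain; the bare mywebsite.com apex would need a Route 53 Alias record.
  WwwCname:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref HostedZoneId
      Name: www.mywebsite.com.
      Type: CNAME
      TTL: "300"
      ResourceRecords:
        - !GetAtt Accelerator.DnsName

Outputs:
  StaticIps:
    Description: The two fixed addresses to give to clients that allowlist by IP
    Value: !Join [", ", !GetAtt Accelerator.Ipv4Addresses]
```

The accelerator's security group story is worth noting: the ALB keeps its own security group, so restricting the ALB to accept traffic only from the accelerator is a separate step and is not done by this template.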
1

Unlike the Network Load Balancer, the Application Load Balancer (ALB) does not support Elastic IPs, but that's not the worst part. If you use Route 53 together with the ALB, the DNS automatically sets the TTL to 60 seconds. This appears to be causing problems for our institutional - mainly government - customers running older Windows DNS servers. They just can't keep up with the ALB's Listener changing its public-facing IP on such a short notice. Older DNS infrastructure is either not respecting or is not capable of handling such aggressive TTL.

While I don't like it, AWS recommends putting a Network Load Balancer in front of the Application Load Balancer, per here: https://aws.amazon.com/blogs/networking-and-content-delivery/using-static-ip-addresses-for-application-load-balancers/

Slawomir