I have a load balancer created in my VPC with two subnets. Now I want to open a firewall rule from within my company intranet. I have no control over this firewall. But to open a rule on the firewall - the firewall team is accepting only IP addresses and not the DNS names.

But since the IP address of the load balancer keeps changing I can't give it to the firewall team. That's where I am stuck.

How can I open a firewall rule to an AWS load balancer from within my intranet?

1 Answer

You are correct that an Application Load Balancer does not provide static IP addresses.

You might be able to change to a Network Load Balancer:

Elastic Load Balancing creates a network interface for each Availability Zone you enable. Each load balancer node in the Availability Zone uses this network interface to get a static IP address. When you create an Internet-facing load balancer, you can optionally associate one Elastic IP address per subnet.

It is also possible to put a Network Load Balancer in front of an Application Load Balancer to gain the benefits of both.

See: Using static IP addresses for Application Load Balancers | AWS Networking & Content Delivery Blog

2 Comments

Thanks John. But this isn't an optimal solution for my case. Adds a couple of layers which need to be maintained. And this really looks like a hack instead of a proper solution!
You might be able to only use a Network Load Balancer (instead of an Application Load Balancer). If so, it would be a very clean solution.
