Assign an Elastic IP to an AWS Transfer SFTP


I want to assign an Elastic IP address to an AWS Transfer SFTP service because outbound SFTP connections have to be whitelisted for clients of mine. The FAQ for the "AWS Transfer for SFTP" service says that you can assign a fixed IP address to a server:

you can enable fixed IPs by building on your SFTP server’s VPC
endpoint. You can create a Network Load Balancer (NLB) with Elastic
IP enabled, within your VPC, and specify your SFTP server’s VPC
endpoint as its target. The associated Elastic IPs will give you one
or more static IP addresses that will not change. These IPs can be
used for firewall whitelisting purposes by your SFTP client users.

However, in the Network Load Balancer configuration I appear to only have the options of selecting targets that are EC2 instances or IP addresses. Is this actually possible to do?

Best Answer

To do this, I’d refer to this blog post on enabling Elastic IPs on the NLB fronting your AWS SFTP server’s VPC endpoint. Specifically, under the “IP address portability” section, refer to Step 4: when you create the NLB and configure routing, you will need to specify a Target type of “IP” and the TCP port, and register the targets for the load balancer as the VPC endpoint’s IP addresses, which you can find in the Subnets tab for that endpoint in the VPC Console.
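
The same steps with the AWS CLI, as an added example that is not part of the original answer or the blog post it refers to: look up the private IPs behind the server's VPC endpoint, create a TCP target group with target type "ip", and register those IPs. The function names, the default target group name and port 22 are assumptions; the endpoint and VPC IDs are passed in by the caller.

```shell
#!/bin/sh
# Added example (not from the post). Function names and IDs are placeholders.

# Print the private IPs of the network interfaces behind a VPC endpoint, one per line.
endpoint_ips() (
  enis=$(aws ec2 describe-vpc-endpoints --vpc-endpoint-ids "$1" \
    --query 'VpcEndpoints[0].NetworkInterfaceIds' --output text) || exit 1
  if [ -z "$enis" ] || [ "$enis" = "None" ]; then
    echo "no network interfaces found for $1" >&2; exit 1
  fi
  # $enis is left unquoted on purpose: one argument per interface ID.
  aws ec2 describe-network-interfaces --network-interface-ids $enis \
    --query 'NetworkInterfaces[].PrivateIpAddress' --output text |
    tr -s '[:space:]' '\n'
)

# Read IPs on stdin, print register-targets arguments: Id=<ip>,Port=<port> ...
target_args() (
  port=${1:-22}; out=""
  while read -r ip; do
    case $ip in
      '') continue ;;
      *[!0-9.]*) echo "unexpected value: $ip" >&2; exit 1 ;;  # digits and dots only
    esac
    out="$out Id=$ip,Port=$port"
  done
  printf '%s\n' "${out# }"
)

# Create a TCP target group of target type "ip" and register the endpoint IPs.
# Prints the target group ARN. Usage: register_sftp_endpoint <vpce-id> <vpc-id> [name]
register_sftp_endpoint() (
  targets=$(endpoint_ips "$1" | target_args 22) || exit 1
  [ -n "$targets" ] || { echo "no targets to register" >&2; exit 1; }
  tg_arn=$(aws elbv2 create-target-group --name "${3:-sftp-endpoint-tg}" \
    --protocol TCP --port 22 --vpc-id "$2" --target-type ip \
    --query 'TargetGroups[0].TargetGroupArn' --output text) || exit 1
  # $targets is left unquoted on purpose: one argument per target.
  aws elbv2 register-targets --target-group-arn "$tg_arn" \
    --targets $targets >/dev/null || exit 1
  echo "$tg_arn"
)
```

The printed target group ARN is what the NLB's TCP listener forwards to; the Elastic IPs themselves are attached when the NLB is created.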
