How to associate an ElasticIP to an API Gateway in AWS

amazon-web-services

I'd like to have an API gateway to act as a proxy that talks to an External API (let's call it E-API) with an attached token, on behalf of my AWS resources (Lambda, EC2, etc.).

But E-API only accepts requests from certain whitelisted IPs agreed upon beforehand.

So we got an Elastic IP, but I'm kinda stumped about how to associate the IP with my API Gateway, so that when it sends off an HTTP request to the E-API, it identifies itself as emerging out of that Elastic IP.

I have tried poking around the settings for VPC and Route53 but need help on how I can move forward.

Best Answer

It's not possible to associate an Elastic IP address with an API Gateway.

However, even if it was possible, it would not solve your issue. This is because your executing code (either Lambda or an EC2 instance behind the scenes) is where your logic is running. It is from there that you want to have a fixed IP address that you can whitelist.

This is possible to do using a NAT Instance or NAT Gateway with an Elastic IP address.

  1. Set up a VPC to run your code in.
  2. Create a public subnet with a NAT instance or NAT gateway. Give this an Elastic IP address.
  3. Create a private subnet that talks to the internet via the NAT gateway.
  4. Configure your Lambda function(s) or your EC2 instances to execute in the private subnet.

If you do this, then all outbound connections from your functions will exit from the NAT with the fixed IP address. You can then whitelist that Elastic IP address.