How to Permanently Assign an Elastic IP to AWS Elastic Beanstalk Applications with Load Balancer



When working with AWS Elastic Beanstalk, the dynamic nature of instances creates complications for static IP addressing. Traditional Elastic IP assignment works perfectly for standalone EC2 instances, but breaks in auto-scaling environments where instances may be terminated and replaced automatically.

Instead of trying to attach an Elastic IP directly to instances behind a load balancer (which would break when instances cycle), we should leverage AWS's DNS capabilities. Your domain (mydomain.com) should point to one of:

  • The Elastic Beanstalk environment's CNAME (recommended)
  • Your Application Load Balancer's DNS name
  • A CloudFront distribution fronting your EB environment

Here's how to properly configure your domain to work with Elastic Beanstalk:

# Get your EB environment endpoint
aws elasticbeanstalk describe-environments \
  --environment-names your-env-name \
  --query 'Environments[0].CNAME' \
  --output text

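# Route 53 Alias record configuration (JSON)
# HostedZoneId must be the Elastic Beanstalk hosted zone ID for the
# environment's region (placeholder below). Z2FDTNDATAQYW2 is the CloudFront
# alias zone ID and is only correct when DNSName is a CloudFront distribution.
{
  "Comment": "Point domain to EB environment",
  "Changes": [{
    "Action": "CREATE",
    "ResourceRecordSet": {
      "Name": "mydomain.com",
      "Type": "A",
      "AliasTarget": {
        "HostedZoneId": "EB_REGION_HOSTED_ZONE_ID",
        "DNSName": "your-env.elasticbeanstalk.com",
        "EvaluateTargetHealth": false
      }
    }
  }]
}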

If you absolutely need a static IP (e.g., for firewall whitelisting), consider:

  1. Creating a Network Load Balancer (NLB) in front of your EB environment
  2. Assigning Elastic IPs to the NLB's nodes

NLB configuration snippet:

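Resources:
  NetworkLoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: network
      # SubnetMappings (rather than Subnets) is what binds an Elastic IP to
      # each NLB node; the eipalloc-... values are placeholders.
      SubnetMappings:
        - SubnetId: subnet-123456
          AllocationId: eipalloc-REPLACE_ME_1
        - SubnetId: subnet-789012
          AllocationId: eipalloc-REPLACE_ME_2
      LoadBalancerAttributes:
        - Key: load_balancing.cross_zone.enabled
          Value: "true"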

After implementation, verify your setup:

  • Run dig mydomain.com to check DNS resolution
  • Configure EB health checks to monitor endpoint availability
  • Set up CloudWatch alarms for HTTP 5xx errors

When working with AWS Elastic Beanstalk in environments requiring whitelisted IPs or DNS configurations, the dynamic nature of instances creates a problem. Traditional Elastic IP assignment doesn't work seamlessly because:

  • Auto-scaling groups spawn new instances without Elastic IPs
  • Load balancers receive traffic before instances
  • Instance termination breaks existing Elastic IP associations

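The most robust solution for outbound traffic is to route your EB instances through a NAT Gateway that holds an Elastic IP, so that connections leaving the environment always come from the same address: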

# CloudFormation snippet for NAT setup
Resources:
  NatGateway:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !Ref ElasticIP
      SubnetId: !Ref PublicSubnet
  
  ElasticIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc

For inbound HTTP/HTTPS traffic, configure your environment to use a Network Load Balancer (NLB), which supports static IPs, instead of an ALB:

# EB configuration file (.ebextensions/alb-nlb.config)
option_settings:
  aws:elasticbeanstalk:environment:
    LoadBalancerType: network

If you simply need consistent DNS resolution:

  1. Create an A record alias to your EB environment
  2. Set TTL appropriately (300+ seconds)
  3. Verify health checks

Remember to update security groups to allow traffic from your Elastic IP:

aws ec2 authorize-security-group-ingress \
    --group-id sg-903004f8 \
    --protocol tcp \
    --port 443 \
    --cidr 192.0.2.44/32

Implement CloudWatch alerts for:

  • NAT gateway bandwidth thresholds
  • Elastic IP attachment status
  • DNS resolution failures