This is the second part of a two-part article. If you are just joining us here, you can catch up by reviewing part 1.
Great, if you have made it this far, then I know you mean business. This article looks at the theory and practical steps required to create a static source IP address for an Elastic Beanstalk load-balanced environment that connects to MongoDB Atlas. Let’s look at a more in-depth architecture design of what we will need to create in AWS. This article will serve you best if you have some experience with AWS and fundamental knowledge of networking, especially when it comes to IP addresses and subnetting.
In this article, we will look at how to create our own custom VPC and deploy a highly available Elastic Beanstalk environment.
Now let’s take a look at what we’ll need to design in AWS to create a static source IP Address for our scenario.
Let’s Get Into It!
The diagram above might look a little daunting, but we will take a closer look at it to gain a better understanding.
Virtual Private Cloud
Our first component will be the VPC. AWS gives you the power of global data centers at your fingertips. It’s not magic; it uses many of the same networking principles you would find at any on-premises site. VPC is short for Virtual Private Cloud, and it is the networking layer for running computing resources, i.e. virtual machines with virtual networks, in AWS. This virtual network matches a traditional network that you’d operate in your own data center. Inside it, you need to launch other networking components such as routers and an internet gateway.
AWS is made up of regions, each of which is a grouping of independent, separated data centers in a specific geographical area; these data centers are called “availability zones”. AWS has data centers all over the world, which lets us properly design applications for fault tolerance. We will need to create a VPC to launch our environment in.
Subnetting lets a network administrator break a network into sub-sections. Each subnet allows us to logically group host machines for a particular purpose. In our design, you will see four (4) subnets: publicA, publicB, privateA and privateB. These subnets are created for us to launch our instances in. In short, the instances that we want to launch in Elastic Beanstalk will be launched in our private subnets, i.e. subnets privateA and privateB. This primarily adds additional security for our servers.
Instances created in private subnets will not be directly accessible from the internet, nor will they be able to reach the internet from the inside out, unless we make some modifications. The only way to get access to them is from inside the VPC. However, there might be occasions when these instances need to reach out to the internet to download security patches and external libraries, and in our scenario they need to be able to reach MongoDB Atlas. This can be achieved by creating a NAT Gateway in our public subnets.
Public and Private Subnets
First off, in AWS, what makes a subnet private or public? A subnet becomes public when it is associated with a route table whose routes point to an Internet Gateway. A subnet becomes private when it is associated with a route table that doesn’t have a direct route to an Internet Gateway.
An Internet Gateway allows us to connect to the internet.
You can use a Network Address Translation (NAT) Gateway to enable instances in a private subnet to connect to the internet or other AWS services, while preventing the internet from initiating a connection with those instances. If we look back at our diagram, you can see our private subnets privateA and privateB are associated with the private route table. Our private route table in turn points to the NAT Gateway that we need to create in our publicA subnet. The NAT Gateway needs to be deployed in a public subnet so that it can have access to the internet.
The diagram shows how the private subnets get internet access through our NAT Gateway. The NAT Gateway doesn’t work on its own: later we will see that we need to attach an Elastic IP Address to the NAT Gateway. This IP address is the public-facing IP address for the instances we create in our private subnets. This Elastic IP is also the IP address we will put in our MongoDB Atlas network access whitelist for the Elastic Beanstalk instances.
If you haven’t already, you can sign up for MongoDB Atlas free tier. If you have an application of your own, you can follow this tutorial to set up the connection driver for your chosen platform that you will use to connect with MongoDB Atlas.
Now the moment you’ve been waiting for: below you can find a quick video on the steps you would need to do to get all of this working. Happy Coding ~
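The routing rules described above can be checked mechanically once the VPC is built. The following is an added example, not code from the original article: it classifies subnets by their default route and confirms that the application subnets leave through a NAT Gateway whose Elastic IP matches the address entered in the Atlas whitelist. The sample data is constructed (all IDs and IPs are made up) in the shape of the EC2 DescribeRouteTables and DescribeNatGateways responses, and it assumes every subnet has an explicit route table association.

```python
# Constructed sample data shaped like the EC2 DescribeRouteTables and
# DescribeNatGateways responses. All IDs and IP addresses are made up.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public",
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}],
     "Associations": [{"SubnetId": "subnet-publicA"}, {"SubnetId": "subnet-publicB"}]},
    {"RouteTableId": "rtb-private",
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}],
     "Associations": [{"SubnetId": "subnet-privateA"}, {"SubnetId": "subnet-privateB"}]},
]
NAT_GATEWAYS = [
    {"NatGatewayId": "nat-0example", "SubnetId": "subnet-publicA", "State": "available",
     "NatGatewayAddresses": [{"PublicIp": "203.0.113.10"}]},
]

def default_targets(route_tables):
    """Map each explicitly associated subnet to the target of its 0.0.0.0/0 route."""
    targets = {}
    for table in route_tables:
        target = None
        for route in table["Routes"]:
            if route.get("DestinationCidrBlock") == "0.0.0.0/0":
                target = route.get("NatGatewayId") or route.get("GatewayId")
        for assoc in table.get("Associations", []):
            if "SubnetId" in assoc:  # the main-table association has no SubnetId
                targets[assoc["SubnetId"]] = target
    return targets

def audit(route_tables, nat_gateways, app_subnets, allowlisted_ip):
    """Return findings for the app subnets; an empty list means the design holds."""
    targets = default_targets(route_tables)
    nats = {n["NatGatewayId"]: n for n in nat_gateways}
    findings = []
    for subnet in app_subnets:
        target = targets.get(subnet) or ""
        if target.startswith("igw-"):
            findings.append(f"{subnet}: public (default route to {target})")
        elif not target.startswith("nat-"):
            findings.append(f"{subnet}: no default route through a NAT Gateway")
        else:
            nat = nats.get(target, {})
            ips = [a.get("PublicIp") for a in nat.get("NatGatewayAddresses", [])]
            nat_home = targets.get(nat.get("SubnetId")) or ""
            if nat.get("State") != "available":
                findings.append(f"{subnet}: {target} is not available")
            if not nat_home.startswith("igw-"):
                findings.append(f"{subnet}: {target} is not in a public subnet")
            if allowlisted_ip not in ips:
                findings.append(f"{subnet}: egress {ips} not the allowlisted {allowlisted_ip}")
    return findings
```

With real data, the two lists would come from boto3's `describe_route_tables` and `describe_nat_gateways` calls for the VPC.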