What if you want to assign static, private IP addresses to instances in an auto scaling group, without using a load balancer and without granting the instances permission to attach network interfaces from a startup script? In this blog I will introduce the network interface manager, a utility that lets you assign static private IP addresses to instances in an auto scaling group.
The network interface manager manages the assignment of a pool of network interfaces to instances. When an instance is stopped or terminated, its interface is detached and returned to the pool. When a new instance is started, a free interface from the pool is assigned to it.
How does it work?
The manager listens to all EC2 instance state change notifications. When an instance tagged network-interface-manager-pool reaches the state running, the manager assigns it a free network interface that carries the same tag key and value and lives in the instance's subnet. The manager also syncs the state every 5 minutes, so that it is eventually consistent in the face of errors.
How do I use it?
You can start using the network interface manager in three simple steps:
- deploy the network-interface-manager
- create a pool of tagged network interfaces
- create an auto scaling group of tagged instances
deploy the network-interface-manager
To deploy the manager, type:
```shell
git clone https://github.com/binxio/ec2-network-interface-manager.git
cd ec2-network-interface-manager
aws cloudformation create-stack \
    --capabilities CAPABILITY_IAM \
    --stack-name network-interface-manager \
    --template-body file://./cloudformation/network-interface-manager.yaml
aws cloudformation wait stack-create-complete --stack-name network-interface-manager
```
Create a pool of Network interfaces
Create a pool of network interfaces, and tag each of them with a network-interface-manager-pool tag value:
```yaml
InterfaceAZ1:
  Type: AWS::EC2::NetworkInterface
  Properties:
    Tags:
      - Key: network-interface-manager-pool
        Value: bastion
InterfaceAZ2:
  Type: AWS::EC2::NetworkInterface
  Properties:
    Tags:
      - Key: network-interface-manager-pool
        Value: bastion
```
Create an auto scaling group
Create an auto scaling group and apply the tag network-interface-manager-pool to all of its instances:
```yaml
AutoScalingGroup:
  Type: AWS::AutoScaling::AutoScalingGroup
  Properties:
    ...
    Tags:
      - Key: network-interface-manager-pool
        Value: bastion
        PropagateAtLaunch: true
```
The manager automatically associates network interfaces with instances tagged network-interface-manager-pool. It does this by subscribing to EC2 state change events. It does nothing for instances that do not carry the network-interface-manager-pool tag. The network interface manager also syncs the state every 5 minutes, so that it is eventually consistent in the face of errors.
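The assignment rule described above (same tag value, same subnet, not yet attached) and the 5-minute sync, written out as an added example; this is not the project's own code, and it works on EC2 describe-style records constructed inline rather than calling AWS, so it runs offline:

```python
POOL_TAG = "network-interface-manager-pool"  # tag key the manager matches on
def tag_value(resource, key=POOL_TAG):
    """Value of tag `key`; instances carry 'Tags', ENIs carry 'TagSet'."""
    for tag in resource.get("Tags") or resource.get("TagSet") or []:
        if tag["Key"] == key:
            return tag["Value"]
    return None

def attached_instance(eni):  # instance id holding the ENI, or None when it is free
    att = eni.get("Attachment") or {}
    return None if att.get("Status") in (None, "detached") else att.get("InstanceId")

def select_interface(instance, interfaces, claimed=()):
    """Free pool ENI with the instance's tag value, in the instance's own subnet."""
    pool = tag_value(instance)
    for eni in interfaces:
        if (pool is not None and eni["NetworkInterfaceId"] not in claimed
                and tag_value(eni) == pool and eni["SubnetId"] == instance["SubnetId"]
                and attached_instance(eni) is None):
            return eni
    return None  # untagged instance, or no free interface left in this subnet

def reconcile(instances, interfaces):
    """The periodic sync as a plan: (to_attach, to_detach) over describe-style records."""
    running = {i["InstanceId"]: i for i in instances if i["State"]["Name"] == "running"}
    has_eni, to_detach = set(), []
    for eni in interfaces:
        owner, pool = attached_instance(eni), tag_value(eni)
        if pool is not None and owner in running:
            has_eni.add(owner)
        elif pool is not None and owner is not None:
            to_detach.append(eni["NetworkInterfaceId"])  # holder is no longer running
    to_attach, claimed = [], set()
    for iid, inst in running.items():
        eni = None if iid in has_eni else select_interface(inst, interfaces, claimed)
        if eni is not None:
            claimed.add(eni["NetworkInterfaceId"])
            to_attach.append((iid, eni["NetworkInterfaceId"]))
    return to_attach, to_detach
# Constructed sample (ids made up): i-1 runs in subnet-a without a pool ENI, i-2 was
# terminated but still holds eni-b, eni-a is free in subnet-a.
TAG = [{"Key": POOL_TAG, "Value": "bastion"}]
SAMPLE_INSTANCES = [
    {"InstanceId": "i-1", "SubnetId": "subnet-a", "State": {"Name": "running"}, "Tags": TAG},
    {"InstanceId": "i-2", "SubnetId": "subnet-b", "State": {"Name": "terminated"}, "Tags": TAG},
]
SAMPLE_INTERFACES = [
    {"NetworkInterfaceId": "eni-a", "SubnetId": "subnet-a", "TagSet": TAG},
    {"NetworkInterfaceId": "eni-b", "SubnetId": "subnet-b", "TagSet": TAG, "Attachment": {"InstanceId": "i-2", "Status": "attached"}},
]
```

On the sample, `reconcile` plans to detach eni-b from the terminated instance and attach eni-a to i-1; eni-b is only offered to a new instance on a later sync, once it is actually detached.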
That is all. If you want to see it all in action, deploy the demo.
Deploy the demo
In order to deploy the demo, type:
```shell
read -p "vpc id: " VPC_ID
read -p "three subnet ids: " SUBNET_IDS
# in shorthand parameter syntax, commas inside the subnet list must be escaped as \,
aws cloudformation create-stack \
    --capabilities CAPABILITY_NAMED_IAM \
    --stack-name network-interface-manager-demo \
    --template-body file://./cloudformation/demo-stack.yaml \
    --parameters ParameterKey=VPC,ParameterValue=$VPC_ID ParameterKey=Subnets,ParameterValue="${SUBNET_IDS//,/\\,}"
aws cloudformation wait stack-create-complete --stack-name network-interface-manager-demo
```
Caveats
As network interfaces are bound to an availability zone, the auto scaling group should also be tied to a single availability zone. Otherwise, instances can be rescheduled in another AZ, leaving the network interfaces from the pool unattached.
Alternatives
There are two alternative solutions that achieve the same functionality:
- use a network load balancer
- associate a network interface on instance startup.
In my use case, I did not want to spend money on keeping an NLB running, nor give the instance all the permissions to attach network interfaces.
Conclusion
With the network interface manager, you can dynamically bind a range of static, private IP addresses to auto scaling group instances. If you need to bind Elastic IPs instead, you can use the EC2 elastic IP manager.