Whitelisting AWS NAT Gateway IP Addresses
Yet again, I was deceived by the Amazon Web Services (AWS) console. Now it doesn't help that my notes never seem to marry up with the current state of the UI. This time the issue was with a small oversight on my part when looking at the NAT gateway list.
The task I set out to accomplish was whitelisting the IP address from our NAT gateway over in another service. I went to the NAT gateway list, grabbed the Primary public IPv4 address and punched it in.
After waiting impatiently for the third-party service to do whatever magic they needed to, things were finally working. Easy peasy. That is, until the next deploy. With a new batch of changes in QA to test, I was hit with new errors regarding a different IP address than the one I had added to the whitelist.
But, the NAT gateway has a static IP address, right? RIGHT? I was able to confirm that, but I was still blocked. After some head scratching and soul searching about whether or not I should hang up computers, it dawned on me.
Herp. The list column only shows the primary address; a NAT gateway can carry more than one public IP, and traffic from each subnet routing through it can leave from a different one.
Derp. Every one of those addresses needs to be whitelisted, not just the primary.
Clicking the NAT Gateway ID from the list takes you to a detail page that shows all of the associated IP addresses, not just the primary one. The word "primary" didn't quite click for me, clearly.
With both IPs loaded into the other system, and another round of waiting impatiently, things all started to work again.
Of course, you don't need to worry about a second IP if your NAT gateway only carries one address. Amazon's little VPC wizard creates 2 subnets by default, so most folks are probably in the same boat. Either way the check is the same: open every NAT gateway your private subnets route through and whitelist every public address on its detail page, not just the one shown in the list column.
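The console is the slow way to do that check. An added example (not from the original post) that does it from the output of `aws ec2 describe-nat-gateways --output json` (boto3's `describe_nat_gateways()` returns the same shape): it collects every public address on every gateway, primary or secondary, and then reports which of them a given whitelist still misses. The sample document, its gateway and allocation IDs, and the addresses (RFC 5737 documentation ranges) are constructed for this example; on a real account you would feed it the CLI output instead.

```python
"""Collect every NAT gateway egress IP and diff it against a whitelist.

Added example, not code from the original post. It parses the JSON returned by
`aws ec2 describe-nat-gateways`, where each gateway lists its addresses under
NatGatewayAddresses with an IsPrimary flag. The sample below is constructed.
"""
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-nat-gateways --output json`.
# IDs and addresses are made up; addresses use RFC 5737 documentation ranges.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "NatGateways": [
        {   # gateway in the first AZ with a primary and a secondary public IP
            "NatGatewayId": "nat-0aaaaaaaaaaaaaaaa", "State": "available",
            "SubnetId": "subnet-0aaaaaaaaaaaaaaaa", "ConnectivityType": "public",
            "NatGatewayAddresses": [
                {"AllocationId": "eipalloc-0a1", "PublicIp": "203.0.113.10",
                 "PrivateIp": "10.0.0.10", "IsPrimary": True, "Status": "succeeded"},
                {"AllocationId": "eipalloc-0a2", "PublicIp": "203.0.113.11",
                 "PrivateIp": "10.0.0.11", "IsPrimary": False, "Status": "succeeded"},
            ],
        },
        {   # gateway in the second AZ, one public IP
            "NatGatewayId": "nat-0bbbbbbbbbbbbbbbb", "State": "available",
            "SubnetId": "subnet-0bbbbbbbbbbbbbbbb", "ConnectivityType": "public",
            "NatGatewayAddresses": [
                {"AllocationId": "eipalloc-0b1", "PublicIp": "198.51.100.20",
                 "PrivateIp": "10.0.1.10", "IsPrimary": True, "Status": "succeeded"},
            ],
        },
        {   # deleted gateway: its address no longer carries traffic, skip it
            "NatGatewayId": "nat-0ccccccccccccccccc", "State": "deleted",
            "SubnetId": "subnet-0aaaaaaaaaaaaaaaa", "ConnectivityType": "public",
            "NatGatewayAddresses": [
                {"AllocationId": "eipalloc-0c1", "PublicIp": "192.0.2.5",
                 "PrivateIp": "10.0.0.9", "IsPrimary": True, "Status": "succeeded"},
            ],
        },
        {   # private NAT gateway: no public address at all
            "NatGatewayId": "nat-0ddddddddddddddddd", "State": "available",
            "SubnetId": "subnet-0bbbbbbbbbbbbbbbb", "ConnectivityType": "private",
            "NatGatewayAddresses": [
                {"PrivateIp": "10.0.1.11", "IsPrimary": True, "Status": "succeeded"},
            ],
        },
    ]
})


def nat_gateway_egress_ips(describe_output, states=("available",)):
    """Return every public IPv4 address (as a /32 CIDR) the listed NAT gateways
    can source traffic from: primary and secondary addresses on every gateway.
    Gateways whose State is not in `states` (e.g. deleted) are skipped, as are
    private NAT gateways, whose address entries carry no PublicIp."""
    doc = json.loads(describe_output) if isinstance(describe_output, str) else describe_output
    cidrs = set()
    for gw in doc.get("NatGateways", []):
        if gw.get("State") not in states:
            continue
        for addr in gw.get("NatGatewayAddresses", []):
            public_ip = addr.get("PublicIp")
            if not public_ip:
                continue
            # Address Status is deliberately not filtered: an address still
            # "associating" will start carrying traffic, so whitelist it now.
            cidrs.add(ipaddress.ip_network(f"{public_ip}/32"))
    return [str(c) for c in sorted(cidrs)]


def missing_from_allowlist(required, allowlist):
    """Return the entries of `required` (CIDR strings) not covered by any entry
    of `allowlist`. Run this after editing the third party's whitelist: an empty
    result means every NAT egress address is covered."""
    allowed = [ipaddress.ip_network(a, strict=False) for a in allowlist]
    missing = []
    for entry in required:
        net = ipaddress.ip_network(entry, strict=False)
        if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            missing.append(str(net))
    return missing


if __name__ == "__main__":
    required = nat_gateway_egress_ips(SAMPLE_DESCRIBE_OUTPUT)
    print("NAT egress addresses to whitelist:", required)
    # Whitelisting only the "Primary public IPv4 address" column, as in the post,
    # leaves the secondary address and the other AZ's gateway uncovered:
    print("still missing:", missing_from_allowlist(required, ["203.0.113.10/32"]))
```

Against a real account, `aws ec2 describe-nat-gateways --output json > nat.json` and pass the file contents to `nat_gateway_egress_ips`; remember to run it per region, since NAT gateways are regional and the output only covers the region the CLI is pointed at.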
I'm just happy (and fortunate) this didn't turn into hours of slamming my head against the keyboard.