How to get outgoing ip?

Hi :wave:

I need to get the outgoing ip of one of my services to be able to bypass some app security. Do you have a common way to do this?

Quick explanation:
[ Service Front ] => Request => [ Service API ] => Request => [ AWS API Gateway ] => [ AWS Lambda secured by IP whitelist ]

Thanks a lot for your help :pray:


Hi,

You’ll find the info here: How to find Static IP's location in Qovery console? - #3 by Pierre_Mavro

To find your static IP addresses, go to your AWS account and select the VPC service. Finally, in the left menu, you’ll find Elastic IP addresses. Once there, in the Allocated IPv4 address column, you’ll have your public IPs.

Pierre

Hello @Pierre_Mavro,

I don’t need to have static IP addresses. I just need to read the IPv4 address of the instance where my service is running.

I’m just asking if you have a common way to do this when I deploy my service or my lifecycle job?

Mike.

Ok @Mike ,

I guess you can configure the whole subnet so it will always work. You can find the one used in your cluster settings:

You can’t configure only 1 IP, as your application will move from node to node during its lifecycle, and the IP will change. So the CIDR is by far the best option.

Does it answer your question?

Pierre

Hmm, I can’t use the VPC subnet range because in my case my service (in Qovery) calls an AWS API Gateway and the Lambda behind it looks at the client IP. So it’s the EC2 IPv4.

Correct me if I’m wrong, but during the lifecycle, if my service moves from node to node, a deployment should occur, shouldn’t it? So my command to upsert the IP into the security things should be done each time, no?

I agree with you, an Elastic IP should be a better practice, but my concern is about the number of IPs I’ll need to create when we create X Preview Envs and when our cluster grows.

Maybe I’m wrong somewhere ^^

Hi @Mike ,

Sorry, I’m not familiar with lambda’s requirements. If you want to trigger information from the node you’re running on, you can use AWS metadata: Retrieve instance metadata - Amazon Elastic Compute Cloud

Correct me if I’m wrong, but during the lifecycle, if my service moves from node to node, a deployment should occur, shouldn’t it? So my command to upsert the IP into the security things should be done each time, no?

I’m not 100% sure I understand your sentence, so let me rephrase it, and please correct me if I’m wrong. You’re asking whether a Qovery deployment is made when an application moves from one node to another. The answer is no. Kubernetes does the move. But no update is made by Qovery since nothing has changed (env vars, commit id, resources…). So if you expect things to change any time an app starts, you should instrument it inside your application or create a container instead which will do it before your app starts.

I agree with you, an Elastic IP should be a better practice, but my concern is about the number of IPs I’ll need to create when we create X Preview Envs and when our cluster grows.

From my experience, using IP addresses to secure something is good, but always painful in terms of maintenance (when things change). If you can instead use an AWS token (with roles), it will take a little bit more setup at the beginning, but then you’ll be free of maintenance. Here is an example with S3, but I guess Lambda is the same (Use AWS IAM roles with Qovery | Qovery)

Hello @Pierre_Mavro

Sorry for the delay :pray:

Yes, I know the K8 cluster could move my application; my question was, and sorry for my English :sweat_smile:, more whether I could get an event from somewhere on the move. But I understand it is not possible :ok_hand:

For the moment, I have run an AWS CLI ec2 command with filtering to get all public IPs from the Qovery K8 instances, and I update the PostgreSQL security table. It’s not perfect, but it does the job for now, before I move this “application security” into “infrastructure security”.

I will take a look at the AWS token with roles for sure!

Thanks a lot for your help :pray:
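The workaround described in the post above (list the cluster nodes' public IPs with the AWS CLI, then update the allowlist), sketched as an added example that is not code from this thread or from Qovery. It assumes the input is the JSON printed by `aws ec2 describe-instances --output json`; the function names, the sample data and the stored allowlist are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-instances --output json`.
# Instance IDs are made up; addresses come from documentation ranges.
SAMPLE_DESCRIBE_INSTANCES = json.dumps({
    "Reservations": [
        {"Instances": [
            {"InstanceId": "i-0aaa", "State": {"Name": "running"},
             "PublicIpAddress": "203.0.113.10"},
            {"InstanceId": "i-0bbb", "State": {"Name": "running"},
             "PublicIpAddress": "203.0.113.11"},
        ]},
        {"Instances": [
            # Terminating node: its auto-assigned address goes back to the AWS pool.
            {"InstanceId": "i-0ccc", "State": {"Name": "shutting-down"},
             "PublicIpAddress": "198.51.100.7"},
            # Node without a public address: the key is absent entirely.
            {"InstanceId": "i-0ddd", "State": {"Name": "running"}},
        ]},
    ]
})


def running_public_ips(describe_json: str) -> set[str]:
    """Return the public IPv4 addresses of running instances only."""
    ips = set()
    for reservation in json.loads(describe_json).get("Reservations", []):
        for inst in reservation.get("Instances", []):
            ip = inst.get("PublicIpAddress")
            if inst.get("State", {}).get("Name") != "running" or not ip:
                continue
            # Raises ValueError on anything that is not a valid IPv4 address,
            # so malformed input never reaches the allowlist table.
            ips.add(str(ipaddress.IPv4Address(ip)))
    return ips


def plan_allowlist_update(current: set[str], desired: set[str]) -> dict:
    """Diff the stored allowlist against live nodes.

    Removals matter as much as additions: an address left behind by a
    replaced node can later be assigned to someone else's instance.
    """
    return {"add": sorted(desired - current), "remove": sorted(current - desired)}


if __name__ == "__main__":
    stored = {"203.0.113.10", "198.51.100.7"}  # constructed current allowlist
    print(plan_allowlist_update(stored, running_public_ips(SAMPLE_DESCRIBE_INSTANCES)))
```

Because Kubernetes can reschedule pods and nodes can be replaced without any Qovery deployment, a sync like this has to run on a schedule rather than only at deploy time.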
