0

I have a social media website that uses AWS extensively.

Through the site we stream video stored in S3, and this video is delivered through CloudFront.

I have a Client who is one of our biggest users who wants our content to come from a Static IP Address.

Apparently he has a Firewall, and it can only be configured for IP Addresses, not Domain Names.

Unfortunately none of our video content is coming through a Static IP Address. The Domain is the same, but the IP is not.

I have suggested using a Proxy, but apparently this wont work (Ive not been given any explanation as to why it wont work).

This whole situation confuses me, as I can clearly remember configuring my cheap Internet Router at home from 20 years ago to block or unblock both IP Addresses and Domain Names. Every single piece of Firewall Software I have ever used has had the ability to block or unblock both IP Addresses and Domain Names.

The Client I speak to is very friendly, but he is liaising between me and a "Network Engineer" who works at his business.

This Network Engineer just seems to be saying no, without any explanation to myself or the Client, to every suggestion I make. Apparently it is "impossible" to configure the business Firewall to block or unblock Domain Names. A Proxy "just wont work". He is adamant that we must provide him with a Static IP Address.

The Network Engineer also suggested at one point that we are "the only website on the Internet using a dynamic IP Address". I had to explain to my Client that this just isn't true.

I am not networking expert, but I am fairly sure what we are trying to achieve here can be done without a Static IP Address, but I dont know how to proceed when this Network Engineer blocks me at every turn.

This Client is one of our biggest users and I dont want to lose him, but I fear this may be the case if I dont find a solution that his Network Engineer can accept.

Can anyone suggest a course of action for me?

Sorry if this is the wrong place to ask this question. I am just getting quite desperate and want to find a positive resolution to this situation before it gets out of hand. If this is the wrong place, suggestions as to where else I could ask this question would be greatly appreciated.

Improve this question
3
  • From what I understand, AWS instances can have differing IPs under certain circumstances; thus your public IP may not always be the same, but your DNS will update so your domain name will always resolve to your instance. A bit like DynDNS. This might be what the "Network Engineer" is experiencing. It may cost you to upgrade to a static IP for your instance so that if your server goes down/reboots etc it'll always have the same ("unblocked") IP...?
    – Kinnectus
    Commented Jan 7, 2015 at 20:16
  • We've already got a Static IP for our EC2 instances, but its the video content stored in S3 and delivered by CloudFront that's the problem, I cant put a Static IP on any of that content unfortunately.
    – Jimmery
    Commented Jan 7, 2015 at 20:53
  • 1
    Yeah, I don't think you'll resolve that because that content is out of your control... This network engineer doesn't sound very understanding!
    – Kinnectus
    Commented Jan 7, 2015 at 21:03

1 Answer 1

Reset to default
1

You can get official list of IP ranges CloudFront could server traffic from at AWS Developer Forum (this topic: https://forums.aws.amazon.com/ann.jspa?annID=2051). There is a caveat - list gets periodically updated, so to make sure the system works reliably you and your customer need to figure out a way to keep firewall rules up to date

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .