Elastic Beanstalk + VPC integration


Apr 7, 2025 - 03:36

What’s a VPC (Virtual Private Cloud)?

A VPC is your own private data center in the cloud:

  • You control the IP range, subnets, routing, firewalls (Security Groups & NACLs).
  • You can run Elastic Beanstalk inside your VPC, so your app isn’t publicly exposed (unless you want it to be).
  • Useful for private APIs, secure database access (RDS), or hybrid cloud setups.

How to Deploy Elastic Beanstalk into a Custom VPC


Step 1: Create Your VPC

Use the VPC wizard or a manual setup:

  • 1 VPC (e.g., 10.0.0.0/16)
  • 2 Public subnets (for load balancer)
  • 2 Private subnets (for EC2 instances)
  • Internet Gateway (for public access)
  • NAT Gateway (for internet from private subnets)
  • Route Tables for each

Tip: Keep EC2 instances in private subnets for security, and expose only the ALB in the public subnets.

Step 2: Tag Your Subnets

Tag your subnets so Beanstalk can find them:

Key: elasticbeanstalk:environment-type
Value: LoadBalanced

Step 3: Create Elastic Beanstalk App in the VPC

eb init -p python-3.8 my-secure-app
eb create my-secure-env \
  --vpc \
  --vpc.id vpc-xxxxxxxx \
  --vpc.publicip \
  --vpc.elbpublic \
  --vpc.ec2subnets subnet-private-a,subnet-private-b \
  --vpc.elbsubnets subnet-public-a,subnet-public-b

  • --vpc.elbpublic: Makes the load balancer public
  • --vpc.publicip: Assigns public IPs to the EC2 instances (optional; leave it out when the instances sit in private subnets behind the NAT Gateway)
  • --vpc.ec2subnets: List your private subnets
  • --vpc.elbsubnets: List your public subnets

Step 4: Confirm Security Group Access

  • Your EC2 security group must allow:
    • Inbound HTTP/HTTPS from ELB
    • Outbound to internet (via NAT)
  • If using RDS, the RDS security group must allow inbound from the Beanstalk SG
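
One way to check the Step 4 rules is to audit the JSON that `aws ec2 describe-security-groups` returns. The script below is an added example, not part of the original article; the group IDs and the sample rules are constructed placeholders, and the function names are hypothetical.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# All group IDs are placeholders, not values from the article.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-instance", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [], "Ipv6Ranges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-elb"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
     "UserIdGroupPairs": []}]},
  {"GroupId": "sg-rds", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [], "Ipv6Ranges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-instance"}]}]}
]}
""")

def sources(perm):
    """Return (cidr_sources, group_sources) for one inbound permission."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    groups = [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
    return cidrs, groups

def audit(sg, allowed_group):
    """Flag every inbound rule not sourced solely from allowed_group."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        cidrs, groups = sources(perm)
        # IpProtocol "-1" (all traffic) carries no port fields.
        ports = f'{perm.get("FromPort", "all")}-{perm.get("ToPort", "all")}'
        for src in cidrs + [g for g in groups if g != allowed_group]:
            findings.append(f'{sg["GroupId"]}: {perm["IpProtocol"]}/{ports} from {src}')
    return findings

def audit_environment(doc, instance_sg, elb_sg, rds_sg=None):
    """Step 4: instances accept only the ELB; RDS accepts only the instances."""
    by_id = {g["GroupId"]: g for g in doc["SecurityGroups"]}
    findings = audit(by_id[instance_sg], elb_sg)
    if rds_sg:
        findings += audit(by_id[rds_sg], instance_sg)
    return findings

if __name__ == "__main__":
    for line in audit_environment(SAMPLE, "sg-instance", "sg-elb", "sg-rds"):
        print("REVIEW:", line)
```

On the constructed sample it reports the SSH rule open to 0.0.0.0/0 on the instance group and nothing for the RDS group.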

Sample eb config Output

You can verify your settings:

eb config

Use Case Scenarios

| Use Case            | Why VPC Matters?           |
|---------------------|----------------------------|
| RDS database        | Private subnet access only |
| Internal APIs       | Block external exposure    |
| Custom routing/NAT  | Control egress traffic     |
| Hybrid architecture | Connect on-prem to cloud   |