
Re: Global networking change in our AWS accounts



Hi,

On 16/11/21 at 22:16 +0100, Bastian Blank wrote:
> Hi folks
> 
> We like to do a global change to the way the network is set up on the new
> AWS accounts.  The goal is to reduce the amount of global IPv4 addresses
> to a minimum, as those are an increasingly rare commodity nowadays.
> 
> We will
> - use NAT gateways for all outgoing IPv4 traffic, and
> - allow use of IPv4 via load balancers for some kinds of traffic.
> 
> This means for you as a user that
> - IPv6 will work in either direction and can be used to access instances
>   at will (subject to security groups, of course),
> - IPv4 outgoing will work and all instances use the same address to the
>   outside,
> - IPv4 incoming will _not_ work with a public IP assigned to an
>   instance, and
> - IPv4-only or (better) dual-stack network load balancers can be used
>   for stuff like HTTP access for users.
> 
> This affects mainly the following accounts:
> - container (tianon),
> - qa1 (elbrus, terceiro), and
> - qa2 (lucas).
> 
> The time-frame to deploy this change is not yet determined, but should
> be in the next couple of days.  If you have questions about this, please
> don't hesitate to ask.

I'm surprised by this: what is the motivation? Have we been asked to use
fewer IPv4 addresses?

Anyway, please wait for qa2, until I finish the migration and can
confirm that everything works.

Also, in qa2, there's an instance that is painful to move and that needs
to be publicly accessible. So please plan for a migration that does not
involve terminating it.

Two other questions:

- if everything is on private IPv4, how are we supposed to connect to
  the instances?

- who is "we"? (I only interacted with you, and was wondering how much
  backup we have for the admins of this AWS setup, given that it looks
  a lot more dependent on the admins than with the old account)

Lucas

