Migrate a Beanstalk environment from a public subnet to a private subnet.


Hello, I have several applications in production deployed with Beanstalk. These applications are defined by several environments. These environments are configured to deploy the instances on a public subnet; they have an associated public IP and a direct connection to the internet gateway. For company cybersecurity reasons, it is required to remove the public IPs and deploy the instances on a private subnet, and instead of having an associated public IP they will have a connection to a NAT Gateway for the internet gateway.

It is a requirement that the deployed environments and instances use the same default VPC they currently use, since the database and other components are deployed there.

  1. How could I make a configuration change so that the new instances are deployed on a private subnet instead of a public subnet with as minimal impact as possible?

  2. Is it possible to make a hot swap? From the AWS console I don't see that it is possible to change the configuration; would it be possible using the AWS CLI?

  3. Taking into account the risks and questions 1 and 2, what would be the safest strategy?

  • 3.1 Save configuration and recreate environment. (You probably have duplicate or missing data.)
  • 3.2 Modify the CloudFormation stack associated with Beanstalk. (Perhaps the changes do not persist.)
  • 3.3 Hot swap using the AWS CLI, if it is possible.
1 Answer

Hello,

Unfortunately, Elastic Beanstalk environments themselves cannot be migrated between public and private subnets.

Here are some things to do:

  • Recreate the Environment in a VPC with Private Subnets (Safest)
  • Update CloudFormation Stack with Pre-existing Environment

To migrate your Elastic Beanstalk environment from a public to a private subnet:

Prepare Private Subnet: Ensure a private subnet exists in your VPC with a route to an Internet Gateway via a NAT Gateway or NAT instance.

Update Environment Configuration: Use AWS CLI to update your Elastic Beanstalk environment's VPC settings:

bash

# Pass every option after a single --option-settings; if the flag is repeated, only the last one is kept.
# The inner double quotes keep a comma-separated subnet list together as one value.
aws elasticbeanstalk update-environment --environment-id <your-environment-id> \
  --option-settings \
    'Namespace=aws:ec2:vpc,OptionName=VPCId,Value=<your-vpc-id>' \
    'Namespace=aws:ec2:vpc,OptionName=Subnets,Value="<comma-separated-private-subnet-ids>"' \
    'Namespace=aws:ec2:vpc,OptionName=ELBSubnets,Value="<comma-separated-private-subnet-ids>"'

Replace placeholders with your environment ID, VPC ID, and private subnet IDs.

Verify Connectivity: Monitor the environment for any issues and ensure instances deploy correctly in the private subnet.

EXPERT
answered a month ago
EXPERT
reviewed a month ago
  • Thank you for your reply.

    What will be the expected behaviour when this change is applied? Will the current environment and associated instances be destroyed?

    It is important not to have downtime, as we have no maintenance window. Ideally, the new instances deployed on the private subnet will be up, and once they are up, the old deployed instances will be shut down. But I don't think it will happen like that, am I right?
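
An added example (not part of the answer above and not AWS's own tooling), in Python: a check for the answer's "Prepare Private Subnet" step that reads `aws ec2 describe-route-tables` output and reports where each candidate subnet sends its default route, including subnets that silently inherit the VPC's main route table. The sample data, all IDs and the function names are constructed for illustration.

```python
# Constructed sample shaped like the output of (all IDs are made up):
#   aws ec2 describe-route-tables --filters Name=vpc-id,Values=<your-vpc-id>
SAMPLE = {"RouteTables": [
    {"RouteTableId": "rtb-main0001",   # main table of a default VPC: default route to the IGW
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-00000001", "State": "active"}]},
    {"RouteTableId": "rtb-priv0001",   # private table, explicitly associated with one subnet
     "Associations": [{"Main": False, "SubnetId": "subnet-aaaa1111"}],
     "Routes": [{"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-00000001", "State": "active"}]},
]}


def default_route_target(table):
    """Classify where a table sends 0.0.0.0/0: 'nat', 'igw', 'instance', 'other' or 'none'."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0" or route.get("State") != "active":
            continue  # skip non-default and blackholed routes
        if route.get("NatGatewayId"):
            return "nat"
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw"
        if route.get("InstanceId") or route.get("NetworkInterfaceId"):
            return "instance"  # e.g. a NAT instance
        return "other"
    return "none"


def classify_subnets(route_tables, subnet_ids):
    """Map each subnet ID to its default-route target, honouring the main-table fallback."""
    main, explicit = None, {}
    for table in route_tables["RouteTables"]:
        for assoc in table.get("Associations", []):
            if assoc.get("Main"):
                main = table
            elif assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = table
    # A subnet with no explicit association uses the VPC's main route table.
    return {s: default_route_target(explicit.get(s, main) or {}) for s in subnet_ids}


def unsuitable_for_private_tier(route_tables, subnet_ids):
    """Subnets that are public (IGW) or lack NAT egress; do not pass these as Subnets."""
    kinds = classify_subnets(route_tables, subnet_ids)
    return sorted(s for s, kind in kinds.items() if kind not in ("nat", "instance"))


if __name__ == "__main__":
    print(classify_subnets(SAMPLE, ["subnet-aaaa1111", "subnet-bbbb2222"]))
```

In the sample, `subnet-bbbb2222` was never associated with the private route table, so it falls back to the main table and is still public even though it was intended to be private.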