I have an application running on Elastic Beanstalk that is currently closed to general traffic. I want to open it to the stripe.com billing service.

I can see how to do this by opening the VPC to the considerable number of IP addresses listed in the Stripe documentation. This would take a moderate amount of time and does not feel as if it's the right solution.

Is there a different way to configure my VPC to allow the Stripe API domain names access?

goose
    You're meant to periodically download the list of IP addresses and feed it into your firewall as appropriate. With AWS VPC, this means you get to write some code to call the appropriate APIs. – Michael Hampton Oct 06 '19 at 20:10

1 Answer

You can write a Lambda function to periodically update the IP addresses in your security groups and network access control lists. This example uses CloudFront and AWS WAF, but the same principle applies.

https://aws.amazon.com/blogs/security/how-to-automatically-update-your-security-groups-for-amazon-cloudfront-and-aws-waf-by-using-aws-lambda/

strongjz
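The periodic update that the comment and the answer describe, sketched as an added example (not code from either poster or from the linked AWS blog post): a Lambda-style function that validates a downloaded IP list and reconciles one security group against it. It assumes a security group dedicated to this job, HTTPS on port 443, and a hypothetical event shape; the function names and the `MAX_RULES` and `MIN_PREFIX` guards are illustrative choices.

```python
import ipaddress

MAX_RULES = 60   # assumption: default inbound-rule quota per security group
MIN_PREFIX = 24  # assumption: local policy, refuse anything broader than a /24

def to_cidrs(entries):
    """Validate a downloaded allow-list and normalise it to IPv4 CIDR strings."""
    cidrs = set()
    for entry in entries:
        net = ipaddress.ip_network(entry.strip())  # ValueError on malformed input
        if net.version != 4 or net.prefixlen < MIN_PREFIX:
            raise ValueError(f"refusing entry {entry!r}")
        cidrs.add(str(net))
    # An empty or oversized list means a bad download: fail before touching rules.
    if not 0 < len(cidrs) <= MAX_RULES:
        raise ValueError(f"refusing list of {len(cidrs)} entries")
    return cidrs

def permission(cidrs, port):
    """Build the IpPermissions structure the EC2 API expects."""
    return [{"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
             "IpRanges": [{"CidrIp": c} for c in cidrs]}]

def sync_group(ec2, group_id, entries, port=443):
    """Reconcile one security group with the list; returns (added, removed)."""
    desired = to_cidrs(entries)
    group = ec2.describe_security_groups(GroupIds=[group_id])["SecurityGroups"][0]
    current = {r["CidrIp"] for p in group["IpPermissions"]
               if (p.get("IpProtocol"), p.get("FromPort"), p.get("ToPort")) == ("tcp", port, port)
               for r in p.get("IpRanges", [])}
    add, remove = sorted(desired - current), sorted(current - desired)
    if add:  # authorize first so a failure never leaves the group with fewer rules
        ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=permission(add, port))
    if remove:
        ec2.revoke_security_group_ingress(GroupId=group_id, IpPermissions=permission(remove, port))
    return add, remove

def lambda_handler(event, context):
    import boto3  # imported here so the functions above can be tested without AWS
    # Hypothetical event shape: {"group_id": "...", "ips": [...]}, built by whatever
    # step downloaded the published list.
    added, removed = sync_group(boto3.client("ec2"), event["group_id"], event["ips"])
    return {"added": added, "removed": removed}
```

Because the sync revokes every port-443 CIDR that is not in the list, point it only at a security group that nothing else manages.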