Providing a static IP for resources behind AWS Elastic Load Balancer (ELB)

Tom Harrison Jr asked:

I need a static IP address that handles SSL traffic from a known source (a partner). The reason the IP needs to be static is that the partner requires this in order to maintain the PCI compliance.

Our servers are behind an AWS Elastic Load Balancer (ELB), which cannot provide a static IP address; many threads about this here.

My thought is to create an instance in EC2 whose sole purpose in life is to be a reverse proxy server having it’s own IP address; accepting HTTPS requests and forwarding them to the load balancer.

Are there better solutions?

My answer:


You don’t need a “static” IP address to implement SSL; you do need a name in the DNS, for which the SSL certificate will be issued.

The typical solution to this is to create a name in the DNS and then make it a CNAME for the DNS name given for the Elastic Load Balancer.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.