
Selenium EC2 instances from single public IP


Dear fellow developers,

My question is very simple but I can't find the answer anywhere, maybe I lack some routing / proxying education.

It goes like this:

  • I instantiate several EC2 instances running Selenium and a bunch of other software from a PHP API I wrote
  • The target application I'm testing with those several seleniums on EC2 instances is accepting inbound connections from a restricted list of IPs
  • How can I tell my selenium tests to go for the target application always using the same public IP?

My first guess was to NAT/proxy the traffic from all my selenium EC2 instances through a single EC2 instance which would have a single public IP which I could set up in the target application.

Then I got lost (drowned) into AWS VPCs, other things and such.

Can you help me on this one?

Thank you in advance.


Solution

  • Wow, you are actually asking about quite a bit here.

    It sounds like you want to secure your application by only allowing your Selenium instances (and possibly other instances) to access it.

    The most obvious way of doing this would be to give your Selenium instances a static IP, which Amazon calls an elastic IP. You only get 5 of these IPs per region before having to ask Amazon for more. So if you have more than 1 or 2 Selenium instances this will not be practical.

    If you are not using a VPC, you really should look into setting it up. It may seem a bit complicated at first, but it makes doing the kind of things that you are trying to do here extremely easy.

    With a VPC you could have all of your instances talk to each other over their internal IP addresses as long as they are in the same zone.

    If they are not in the same zone, you can set up a NAT instance in each zone. You assign the NAT instance an elastic IP. All of the other instances in that zone will then access servers outside of its zone through the NAT instance. Their source IP from the outside server's point of view will be the IP of the NAT.

    So what would all this give you?

    Well, let's say you set it up with all of your instances in the same zone within a VPC. You could then assign your application servers to a security group that allows incoming HTTP/HTTPS connections from the internal IPs of your selenium instances. You could even create different subnets for your application and selenium instances in that VPC and set up the security group to allow incoming connections from the entire selenium subnet. Subnetting each server type may be overkill for your use case. It really just depends on how much control you want over your VPC networking.

    I don't think explaining how to set up a VPC is within the scope of this answer. I really do think setting up a VPC is the correct option for you though. A good place to start would be Amazon's documentation:

    https://aws.amazon.com/documentation/vpc/

    It would also be worthwhile to search Google for things like blog entries regarding setting up VPCs. There are many mistakes that others have made when setting up their first VPC that you could avoid by reading them.
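
A check for the NAT-instance layout described in the answer above, as an added example that is not part of the original answer: it works out which source IP the IP-restricted target would see for each Selenium instance and reports any instance that would not arrive from the NAT's elastic IP. The dictionaries use the field names of the EC2 DescribeInstances and DescribeRouteTables responses; every ID and IP address is constructed, and the code assumes a single VPC with a NAT instance rather than a NAT gateway.

```python
# Added example. Dicts mirror the field names of EC2 DescribeInstances /
# DescribeRouteTables output; all IDs and IPs below are constructed.
# Assumes a single VPC and NAT via an EC2 instance (not a NAT gateway).

def route_table_for(subnet_id, route_tables):
    """Return the explicitly associated table, else the VPC's main table."""
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def egress_ip(instance, by_id, route_tables):
    """Source IP an outside server sees for this instance, or None."""
    rt = route_table_for(instance["SubnetId"], route_tables)
    for route in (rt["Routes"] if rt else []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if "InstanceId" in route:  # default route goes through the NAT instance
            return by_id.get(route["InstanceId"], {}).get("PublicIpAddress")
        if route.get("GatewayId", "").startswith("igw-"):  # direct egress
            return instance.get("PublicIpAddress")
    return None

def off_allowlist(selenium_ids, instances, route_tables, allowed_ip):
    """Map each Selenium instance not seen as allowed_ip to the IP it is seen as."""
    by_id = {i["InstanceId"]: i for i in instances}
    seen = {s: egress_ip(by_id[s], by_id, route_tables) for s in selenium_ids}
    return {s: ip for s, ip in seen.items() if ip != allowed_ip}

INSTANCES = [  # constructed sample data
    {"InstanceId": "i-nat", "SubnetId": "subnet-pub", "PublicIpAddress": "203.0.113.10"},
    {"InstanceId": "i-sel1", "SubnetId": "subnet-priv"},
    {"InstanceId": "i-sel2", "SubnetId": "subnet-priv"},
    {"InstanceId": "i-sel3", "SubnetId": "subnet-pub", "PublicIpAddress": "198.51.100.7"},
]
ROUTE_TABLES = [  # constructed sample data
    {"Associations": [{"SubnetId": "subnet-pub"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"Associations": [{"SubnetId": "subnet-priv"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-nat"}]},
]

if __name__ == "__main__":
    print(off_allowlist(["i-sel1", "i-sel2", "i-sel3"], INSTANCES, ROUTE_TABLES, "203.0.113.10"))
```

In the sample, `i-sel3` sits in the public subnet with its own public IP, so it bypasses the NAT and the target's IP restriction would reject it.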