I have a cloud-based data warehouse, Snowflake, that's requiring that all query traffic from my applications hosted on Fargate come from specific IP addresses for whitelisting purposes. What's the best way to achieve this without complicating things too much or sacrificing the benefits of a redundant cloud setup?
2 Answers
One option you might consider is to keep your Fargate tasks in a private subnet and then route all outgoing traffic through a NAT Gateway using Elastic IPs that Snowflake can whitelist. If you're expecting high traffic, you might want to look into using a solution like fck-nat. Additionally, check if Snowflake supports PrivateLink connections, which could help you avoid public internet traffic entirely and improve both security and cost efficiency.
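As an added example (not part of the original answer): a check that every subnet running Fargate tasks sends its default route through an available NAT Gateway in its own availability zone, and that collects the Elastic IPs to hand to Snowflake. The input is constructed sample data shaped like `aws ec2 describe-subnets`, `describe-nat-gateways` and `describe-route-tables` output; the function name, IDs and addresses are assumptions.

```python
import ipaddress

# Constructed sample data (IDs and documentation-range IPs are made up),
# shaped like the JSON returned by the three describe-* calls.
SUBNETS = [
    {"SubnetId": "subnet-priv-a", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-priv-b", "AvailabilityZone": "us-east-1b"},
    {"SubnetId": "subnet-pub-a", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-pub-b", "AvailabilityZone": "us-east-1b"},
]
NAT_GATEWAYS = [
    {"NatGatewayId": "nat-a", "SubnetId": "subnet-pub-a", "State": "available",
     "NatGatewayAddresses": [{"PublicIp": "203.0.113.10"}]},
    {"NatGatewayId": "nat-b", "SubnetId": "subnet-pub-b", "State": "available",
     "NatGatewayAddresses": [{"PublicIp": "198.51.100.20"}]},
]
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-priv-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-a"}]},
    {"Associations": [{"SubnetId": "subnet-priv-b"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-b"}]},
]

def egress_allowlist(task_subnets, subnets, nat_gateways, route_tables):
    """Return (sorted public IPs to allowlist, list of findings)."""
    # Assumption: task subnets have explicit route table associations
    # (a subnet falling back to the VPC main table is reported as a finding).
    az = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}
    nats = {n["NatGatewayId"]: n for n in nat_gateways if n["State"] == "available"}
    ips, findings = set(), []
    for sid in task_subnets:
        default = next((r for t in route_tables
                        if any(a.get("SubnetId") == sid for a in t["Associations"])
                        for r in t["Routes"]
                        if r.get("DestinationCidrBlock") == "0.0.0.0/0"), None)
        if default is None:
            findings.append(f"{sid}: no default route in an associated route table")
            continue
        nat = nats.get(default.get("NatGatewayId"))
        if nat is None:  # e.g. an internet gateway route: the egress IP is not fixed
            findings.append(f"{sid}: default route is not an available NAT gateway")
            continue
        if az.get(nat["SubnetId"]) != az.get(sid):
            findings.append(f"{sid}: {nat['NatGatewayId']} is in another AZ")
        ips.update(a["PublicIp"] for a in nat["NatGatewayAddresses"] if a.get("PublicIp"))
    return sorted(ips, key=ipaddress.ip_address), findings
```

An empty findings list means each zone has its own fixed egress address, so losing one zone's NAT Gateway does not take down tasks in the other.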
You're correct that Fargate needs to be behind a load balancer if you're trying to use Elastic IPs! If you expose them publicly, they might change, causing connection issues. So, consider setting it up properly without exposing public IPs.

Thanks for confirming! That's good to know.