Accessing Isolated Networks via AWS Elastic IP and Proxy

When working with enterprise APIs or isolated client networks, it’s common to be asked to access their environment from a known static IP. If your development environment is dynamic or cloud-based, AWS provides an elegant solution using Elastic IPs and proxy servers.

🎯 Problem: Static IP Required for API or Network Access

Many enterprise systems and secure networks restrict access to a fixed set of whitelisted IP addresses. If you’re working from a laptop, development environment, or cloud VPC without a static public IP, your requests may be blocked or rejected for security reasons.

✅ Common Scenarios:

• API firewalls requiring static IP
• Private VPC-to-VPC access between organizations
• Testing from different geographic regions via a whitelisted IP

🧩 Solution 1: Static IP from ISP or VPN

If your internet provider offers a static IP, you can request access using that. However:

• ✅ Simple and local
• ❌ Not portable — tied to location or hardware
• ❌ Changing locations breaks access

🌩️ Solution 2: Use AWS Elastic IP + Proxy

AWS Elastic IP is a fixed, public IPv4 address you can attach to EC2. By setting up a proxy server on the EC2 instance, you can route any request (from browser, backend, or script) through this IP.

✅ Advantages:

• 🎯 Globally accessible
• 🔐 Easily secured via AWS Security Groups
• 🛠️ Fully scriptable and scalable

🔧 Step-by-Step: Setup HTTP Proxy with Squid on EC2

1. Launch EC2:
   • Use Ubuntu 20.04 or 22.04
   • Instance type: t2.micro (Free Tier eligible)
   • Allow SSH (port 22) and custom TCP port (3128)
2. Allocate and associate an Elastic IP:
   • In the AWS EC2 dashboard → Elastic IPs → Allocate
   • Associate this IP with your running EC2 instance
3. Install Squid:

   sudo apt update && sudo apt install squid -y

4. Configure Proxy Access:
   Edit the configuration file:

   sudo nano /etc/squid/squid.conf

   Add or modify these lines:

   http_port 3128
     
     # Allow all (or restrict to your IP)
     acl allowed_ips src 0.0.0.0/0
     http_access allow allowed_ips
     http_access deny all

   Note: Replace 0.0.0.0/0 with your IP range for added security (e.g., 203.0.113.0/24 or YOUR_IP/32).

5. Restart the Squid service:

   sudo systemctl restart squid

   Optional: check status

   sudo systemctl status squid

6. Open port 3128 in your EC2 Security Group:
   • Go to EC2 → Security Groups → Inbound rules → Add Rule
   • Type: Custom TCP
   • Port: 3128
   • Source: Your IP or 0.0.0.0/0 (if testing)
7. ✅ Share the Elastic IP with Your Client

   Provide the client with your Elastic IP address to allow in their firewall or API gateway. For example:

   Static IP: 54.123.45.67

🔐 How to Restrict Proxy Access

• 🛡️ Use Squid’s acl allowed_ips to allow only specific IPs
• 🔒 Secure EC2’s Security Group to your developer IPs only

🌐 How to Use the Proxy (Elastic IP) with Real API Calls

Once your proxy is live (e.g., http://54.123.45.67:3128), here’s how to route your traffic through it from different environments.

🧪 1. curl

curl -x http://54.123.45.67:3128 https://jsonplaceholder.typicode.com/posts/1

🌐 2. Google Chrome (System Proxy)

• Go to chrome://settings/system
• Click “Open your computer’s proxy settings”
• Set:
  • HTTP Proxy: 54.123.45.67
  • Port: 3128
• Save and test by visiting: https://jsonplaceholder.typicode.com/posts/1

📬 3. Postman

• Go to Settings → Proxy
• Set:
  • Proxy Type: HTTP
  • Server: 54.123.45.67
  • Port: 3128
• Enable global proxy or per-request proxy
• Make a GET request to https://jsonplaceholder.typicode.com/posts/1

💎 4. Ruby on Rails (Faraday Example)

conn = Faraday.new(
    url: 'https://jsonplaceholder.typicode.com',
    proxy: 'http://54.123.45.67:3128'
  )
  
  response = conn.get('/posts/1')
  puts response.body
  

🕹️ 5. WebGL / Browser Fetch (via system proxy)

Browser apps (including WebGL) will automatically use system-level proxy settings.

Follow the Chrome system proxy setup above, then run:

fetch('https://jsonplaceholder.typicode.com/posts/1')
    .then(res => res.json())
    .then(console.log)

🧠 6. Node.js (with axios + https-proxy-agent)

const axios = require('axios');
  const HttpsProxyAgent = require('https-proxy-agent');
  
  const proxyAgent = new HttpsProxyAgent('http://54.123.45.67:3128');
  
  axios.get('https://jsonplaceholder.typicode.com/posts/1', {
    httpsAgent: proxyAgent
  }).then(res => console.log(res.data))
    .catch(err => console.error(err));
  

⚛️ 7. React (via Node backend or dev proxy)

React apps can’t directly configure HTTP proxies in browser JS. You should:

• Use a proxy-aware backend (e.g., Node, Rails)
• Or run a local proxy via http-proxy-middleware during development

React Dev Proxy (Optional) — in package.json:

{
    "proxy": "http://54.123.45.67:3128"
  }

⚠️ This only works for same-origin development APIs. Better to use a backend like Node or Rails to proxy requests through EC2.

❓ Why Use a Proxy?

A proxy server acts as an intermediary between your app and the target API. When routed through EC2, it makes requests appear to come from the Elastic IP.

✅ Use Cases:

• Bypass network restrictions (ethically)
• Route all outbound API requests from a known IP
• Debug and log requests from multiple sources

⚠️ Proxy Risks:

• Open proxies may be abused if not secured
• Must monitor usage to prevent misuse

🔄 Alternatives to Proxy Access

📌 Conclusion

If your client requires access from a fixed IP address, using an AWS EC2 + Elastic IP + HTTP Proxy is a clean, scalable, and secure solution — especially when combined with IP allowlisting and AWS security groups.