OutboundGateway

AWS Static Proxy Whitelisting

Configure AWS services through static SSL proxy IPs for security compliance and IP whitelisting requirements

AWS S3 RDS Lambda Security Groups

Table of Contents

Overview

Static outbound SSL proxy IPs are essential for AWS services when you need to maintain a consistent IP address for security compliance, IP whitelisting, or regulatory requirements. This guide covers how to configure various AWS services to work through your OutboundGateway static IPs.

Key Benefits: Fixed IP addresses for cloud services, enhanced security compliance, simplified firewall rules, and consistent audit trails.

Prerequisites

OutboundGateway Account

Active OutboundGateway subscription with access to your static IP addresses and credentials.

AWS Account

AWS account with appropriate permissions to modify security groups and service configurations.

Required Tools

  • AWS CLI v2 or later
  • Python 3.8+ with boto3 installed
  • Your static proxy credentials (username/password)

AWS S3 with Static Proxy

Python Example with boto3

import boto3
import requests
from botocore.config import Config

# Your OutboundGateway credentials
PROXY_HOST = "192.168.1.100"  # Your static IP
PROXY_PORT = 8080
PROXY_USER = "your_proxy_username"
PROXY_PASS = "your_proxy_password"

# Configure proxy (SSL-only)
proxies = {
    'https': f'https://{PROXY_USER}:{PROXY_PASS}@{PROXY_HOST}:{PROXY_PORT}'
}

# Create custom config with proxy
config = Config(
    region_name='us-east-1',
    proxies=proxies,
    retries={'max_attempts': 3, 'mode': 'adaptive'}
)

# Initialize S3 client with proxy configuration
s3_client = boto3.client(
    's3',
    aws_access_key_id='your_aws_access_key',
    aws_secret_access_key='your_aws_secret_key',
    config=config
)

try:
    # List S3 buckets
    response = s3_client.list_buckets()
    print("Available buckets:")
    for bucket in response['Buckets']:
        print(f"  - {bucket['Name']}")

    # Upload a file
    s3_client.upload_file('local_file.txt', 'your-bucket', 'remote_file.txt')
    print("File uploaded successfully!")

except Exception as e:
    print(f"Error: {e}")

AWS CLI Configuration

# Set up SSL proxy environment variables
export HTTPS_PROXY=https://your_proxy_username:your_proxy_password@192.168.1.100:8080

# Configure AWS CLI
aws configure set region us-east-1
aws configure set aws_access_key_id YOUR_ACCESS_KEY
aws configure set aws_secret_access_key YOUR_SECRET_KEY

# Test S3 access
aws s3 ls

AWS RDS with Static Proxy

Python Example with psycopg2

import psycopg2
import ssl
from psycopg2.extensions import ISOLATION_LEVEL_AUTOCOMMIT

# Your OutboundGateway and RDS configuration
PROXY_HOST = "192.168.1.100"  # Your static IP
PROXY_PORT = 8080
PROXY_USER = "your_proxy_username"
PROXY_PASS = "your_proxy_password"

RDS_HOST = "your-rds-instance.rds.amazonaws.com"
RDS_PORT = 5432
RDS_DB = "your_database"
RDS_USER = "your_db_user"
RDS_PASS = "your_db_password"

def create_proxy_connection():
    """Create database connection through proxy"""
    try:
        # SSL context for secure connection
        ssl_context = ssl.create_default_context()
        ssl_context.check_hostname = False
        ssl_context.verify_mode = ssl.CERT_NONE

        # Connection string with proxy
        conn_string = (
            f"postgresql://{RDS_USER}:{RDS_PASS}@{PROXY_HOST}:{PROXY_PORT}/{RDS_DB}?"
            f"sslmode=require&sslrootcert=/path/to/rds-ca-2019-root.pem&"
            f"host={RDS_HOST}&port={RDS_PORT}"
        )

        connection = psycopg2.connect(conn_string)
        connection.set_isolation_level(ISOLATION_LEVEL_AUTOCOMMIT)

        print("Connected to RDS through static proxy!")
        return connection

    except Exception as e:
        print(f"Connection failed: {e}")
        return None

# Usage example
conn = create_proxy_connection()
if conn:
    try:
        cursor = conn.cursor()
        cursor.execute("SELECT version();")
        db_version = cursor.fetchone()
        print(f"Database version: {db_version[0]}")
        cursor.close()
    except Exception as e:
        print(f"Query failed: {e}")
    finally:
        conn.close()

Node.js Example with pg

const { Client } = require('pg');
const { HttpsProxyAgent } = require('https-proxy-agent');

// Proxy configuration
const proxyUrl = 'http://your_proxy_username:your_proxy_password@192.168.1.100:8080';
const proxyAgent = new HttpsProxyAgent(proxyUrl);

// Database configuration
const client = new Client({
    host: 'your-rds-instance.rds.amazonaws.com',
    port: 5432,
    database: 'your_database',
    user: 'your_db_user',
    password: 'your_db_password',
    ssl: {
        rejectUnauthorized: false,
        agent: proxyAgent
    },
    // Use proxy as connection host
    host: '192.168.1.100',
    port: 8080
});

async function connectToRDS() {
    try {
        await client.connect();
        console.log('Connected to RDS through static proxy!');

        const result = await client.query('SELECT version()');
        console.log('Database version:', result.rows[0].version);

        await client.end();
    } catch (error) {
        console.error('Connection failed:', error);
    }
}

connectToRDS();

AWS Lambda with Static Proxy

Python Lambda Function

import json
import requests
import os
from urllib3.util.retry import Retry
from requests.adapters import HTTPAdapter

# Environment variables (set in Lambda configuration)
PROXY_HOST = os.environ.get('PROXY_HOST', '192.168.1.100')
PROXY_PORT = os.environ.get('PROXY_PORT', '8080')
PROXY_USER = os.environ.get('PROXY_USER', 'your_proxy_username')
PROXY_PASS = os.environ.get('PROXY_PASS', 'your_proxy_password')

def create_session_with_proxy():
    """Create requests session with proxy configuration"""
    session = requests.Session()

    # Configure retry strategy
    retry_strategy = Retry(
        total=3,
        backoff_factor=1,
        status_forcelist=[429, 500, 502, 503, 504],
    )
    adapter = HTTPAdapter(max_retries=retry_strategy)
    session.mount("https://", adapter)

    # Set SSL proxy configuration
    proxy_url = f'https://{PROXY_USER}:{PROXY_PASS}@{PROXY_HOST}:{PROXY_PORT}'
    session.proxies = {
        'https': proxy_url
    }

    return session

def lambda_handler(event, context):
    """Main Lambda handler"""
    try:
        session = create_session_with_proxy()

        # Example: Make API call through proxy
        api_url = 'https://api.example.com/data'
        response = session.get(api_url, timeout=30)

        return {
            'statusCode': 200,
            'headers': {
                'Content-Type': 'application/json'
            },
            'body': json.dumps({
                'message': 'API call successful through static proxy',
                'status_code': response.status_code,
                'data_length': len(response.content),
                'proxy_used': f'{PROXY_HOST}:{PROXY_PORT}'
            })
        }

    except Exception as e:
        return {
            'statusCode': 500,
            'headers': {
                'Content-Type': 'application/json'
            },
            'body': json.dumps({
                'error': str(e),
                'message': 'Failed to make API call through proxy'
            })
        }

Lambda Environment Variables

Variable Value
PROXY_HOST 192.168.1.100
PROXY_PORT 8080
PROXY_USER your_proxy_username
PROXY_PASS your_proxy_password

Security Groups Configuration

AWS CLI Commands

# Create security group that allows traffic from your static IPs
aws ec2 create-security-group \
    --group-name "proxyflow-static-ips" \
    --description "Allow traffic from OutboundGateway static IPs" \
    --vpc-id vpc-12345678

# Add inbound rule for your static IP
aws ec2 authorize-security-group-ingress \
    --group-id sg-12345678 \
    --protocol tcp \
    --port 8080 \
    --cidr 192.168.1.100/32

# Add rule for additional static IP
aws ec2 authorize-security-group-ingress \
    --group-id sg-12345678 \
    --protocol tcp \
    --port 8080 \
    --cidr 192.168.1.101/32

# Apply security group to RDS instance
aws rds modify-db-instance \
    --db-instance-identifier your-rds-instance \
    --vpc-security-group-ids sg-12345678 \
    --apply-immediately

# List security group rules
aws ec2 describe-security-groups \
    --group-ids sg-12345678 \
    --query 'SecurityGroups[0].IpPermissions'

Important: Always use the most specific CIDR notation (/32 for single IP) when configuring security group rules for better security.

Troubleshooting

Connection Timeouts

If you experience connection timeouts:

  • Verify your static IP is correctly whitelisted in AWS security groups
  • Check proxy credentials are correct and active
  • Ensure proxy server is accessible from your network

SSL Certificate Errors

For SSL/TLS issues:

  • Use the latest AWS root certificates
  • Configure proper SSL verification settings
  • Check if your proxy supports SSL passthrough

Performance Issues

To improve performance:

  • Use connection pooling for database connections
  • Implement retry logic with exponential backoff
  • Monitor proxy bandwidth usage and limits

Ready to Get Started?

Get your static SSL proxy IPs today and ensure your AWS services maintain consistent IP addresses for compliance and security requirements.

Get Started with OutboundGateway