Bring your own IP
Easily migrate to AWS with your public IPv4 addresses
- Keep your IP address reputation
- Avoid changes to IP address whitelists
- Move legacy applications with no need to change IP addresses
Migration
Avoid IP address changes to applications when you migrate to the AWS Cloud.
Prerequisite
- The address range must be registered with your regional internet registry (RIR).
- Supported RIRs include the American Registry for Internet Numbers (ARIN) and RIPE.
Preparing your IP range
Authorization- Create an ROA to authorize Amazon ASNs 16509 and 14618 to advertise your address range.
ROA- An ROA (Route Origin Authorization) is a cryptographically signed object that states which autonomous system (AS) is authorized to originate a particular IP address prefix or set of prefixes. ROAs may only be generated for internet number resources covered by your resource certificate.
To request an ROA
ARIN:
https://www.arin.net/resources/rpki/roarequest.html
Preparing your IP range
Authentication- Generate an RSA 2048-bit key pair
openssl genrsa -out private.key 2048
Create a signed message.
Example message format:
1|aws|account|cidr|YYYYMMDD|SHA256|RSAPSS
The following command signs the message using the key pair you created and saves the result as base64_urlsafe_signature:
echo "1|aws|123456789012|198.51.100.0/24|20191201|SHA256|RSAPSS" | tr -d "\n" | openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -sign private.key -keyform PEM | openssl base64 | tr -- '+=/' '-_~' | tr -d "\n" > base64_urlsafe_signature
Update the RDAP record for your RIR with the X.509 certificate.
Be sure to include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines when you copy the certificate.
To view your certificate, run the following command:
cat publickey.cer
For ARIN, add the certificate in the "public comments" section for your address range.
For RIPE, add the certificate as a new "descr" field for your address range.
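The key, signing and certificate steps above, combined with a local check that the signature verifies against the certificate you are about to publish (an added example, not part of the original post). The function names, the `openssl req` certificate step and its CN are assumptions; the account ID, CIDR and date are constructed sample values.

```sh
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Create the 2048-bit key and a self-signed X.509 certificate for it.
# Assumption: the certificate command and the CN are not shown on the page.
byoip_keygen() {  # args: private_key_out certificate_out
  openssl genrsa -out "$1" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1" -days 365 -subj '/CN=byoip-example' -out "$2"
}

# Build the message in the page's format: 1|aws|account|cidr|YYYYMMDD|SHA256|RSAPSS
byoip_message() {  # args: account cidr expiry_date
  printf '1|aws|%s|%s|%s|SHA256|RSAPSS' "$1" "$2" "$3"
}

# Sign with RSA-PSS / SHA-256 and emit URL-safe base64 ('+=/' mapped to '-_~').
byoip_sign() {  # args: private_key message
  printf '%s' "$2" |
    openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 \
      -sign "$1" -keyform PEM |
    openssl base64 | tr -- '+=/' '-_~' | tr -d '\n'
}

# Verify a signature against the public key inside the certificate.
# Returns 0 only if the certificate matches the signing key and the message is unchanged.
byoip_verify() {  # args: certificate message signature
  _byoip_tmp=$(mktemp -d) || return 1
  _byoip_rc=0
  {
    openssl x509 -in "$1" -pubkey -noout > "$_byoip_tmp/pub.pem" &&
    printf '%s' "$3" | tr -- '-_~' '+=/' | openssl base64 -d -A > "$_byoip_tmp/sig.bin" &&
    printf '%s' "$2" |
      openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 \
        -verify "$_byoip_tmp/pub.pem" -signature "$_byoip_tmp/sig.bin" > /dev/null 2>&1
  } || _byoip_rc=1
  rm -rf "$_byoip_tmp"
  return "$_byoip_rc"
}

# Usage with constructed sample values:
#   byoip_keygen private.key publickey.cer
#   msg=$(byoip_message 123456789012 198.51.100.0/24 20191201)
#   sig=$(byoip_sign private.key "$msg")
#   byoip_verify publickey.cer "$msg" "$sig" && echo "signature matches certificate"
```

A failed verification here means the certificate placed in the RDAP record does not correspond to the key that signed the message, or that the message text differs from what was signed.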
More details- (BYOIP guide)
BYOIP Reference Architecture-1
BYOIP Reference Architecture-2
Refer- Reference Architecture