You can now assign static egress IPs to your machines.!
Although most apps don’t need it, it is useful when using services like MongoDB atlas that require allowlisting a range of IPs.
You can allocate static egress IPs to your machine by running fly machine egress-ip allocate <machine ID>. These IPs survive machine migration and are not shared between machines.
Static egress IPs for machines will cost $0.005 per hour.
If you really want one static egress IP per machine, then yes. However, most use cases should not actually require this – for example, you may set up one or two machines per region to act as a proxy with static egress IPs, and have the rest of your machines connect to them for connections that require dedicated/static IPs.
Is that the plan for the IP to follow a machine on a Blue Green deployment? The static egress IP is something ideal for external database connectivity as you mentioned. However, like you said, if we deploy our IP could go away or change. If we deploy a new machine, will we be able to reassign (manually for now) the static IP that was previously assigned to the new machine, or will we have to request a new one?
You can deploy a one-off machine and assign the IP to that one. This machine won’t be updated as part of a bluegreen deploy. You can update it manually with fly machine update if needed!
While I am very excited about this I think it’s (mostly) unusable (for us) as it currently stands. We are constantly deploying using blue green deployments throughout the week to ensure no downtime.
Excited for when we can assign a static IP to an App so that we can configure it just once then I know each app has an IP I can configure in our external services.
Rolling deploys update machines in place (keeping the IP), and then do a quick restart. Restarts on machines are so fast you may actually prefer rolling deployments to bluegreen.
But in general, you’re better off running 1-2 machines to proxy through for static outbound IPs.
There’s a chance! But it would just be a convenience. We’d end up implementing it as a supporting app that just has two+ machines running a proxies (or a nat gateway), and then figure out how to get apps to route some connections through those.
It’s early but I expect we’ll have an example of how to set this up soon. It’s doable the hard way today!
Thanks Kurt, would much rather do it the easy way, I don’t particularly want to be managing that stuff myself and instead focus my time on features for my customers!
Thanks Kurt. On more question. I use a dedicated proxy and assign one machine a static IP. Say this is my nginx app. Even the nginx app has two machines (I’ve tried max_running_machines=1). Now with one machine static IP, how are the requests routed? Always through the machine with static IP?
Can I use the same static IP for egress and ingress?
I’ve allocated an egress IP to a machine with a TCP service, it’s reachable on the external IPv6 address, but I can’t reach it on egress IPs (both v4 and v6).