I have an application on Forge/AWS. It is made up of an LB (set up in Forge), a few app servers (EC2s), and a handful of additional EC2s dedicated to running queue workers.
Everything works fine, but I would like to have these boxes make outbound HTTP/LDAP calls to the internet over a single IP address (making it easier for my users to whitelist my servers on their firewalls) instead of whichever app server/worker server is tasked with the request.
I believe I need to create a NAT Gateway in AWS, assign an elastic IP to it, then make an outbound rule for my app servers/worker servers to use that NAT Gateway. That would force every request to come from that single IP. Does that sound correct?
Will this change how I connect to RDS or Redis servers as well?
Is there anything I should know beforehand when it comes to doing this with Forge? Any guidance or suggestions would be great.