Deploying Web Access with an AWS Public IP

  • Updated on Dec 12, 2025
  • Published on Nov 20, 2025
  • 3 minute(s) read
  • ED
  • CD
  • SS
 Prev Next

This guide is intended for IT infrastructure architects and DevOps professionals responsible for deploying or enabling Web Access in the AWS public cloud.

This guide applies to Nasuni Edge Appliance version 10.1 and later.

Introduction

To enable access to Web Access through the public internet, assign the Edge Appliance a static Public IP address in AWS. A security group restricts external access to the Edge Appliance to ports 443 (HTTPS) and 80 (HTTP).

Web Access can also be deployed behind an application load balancer (ALB). An ALB offloads encryption/decryption, simplifies SSL/TLS certificate management, and integrates with other services for enhanced security and performance. For more information on setting up an AWS ALB, see Deploying Web Access with AWS Application Load Balancer.

Prerequisites

  • An Edge Appliance must be deployed to AWS and joined to the NMC.

  • A public FQDN for your instance and corresponding SSL/TLS server certificate.

  • Access to DNS to set up the FQDN.

Creating an Elastic IP

Elastic IPs are the only way to assign a public IP address in AWS.  If an elastic IP address is not used, the public IP address changes whenever the instance is powered off.  The public FQDN also changes with the IP address, preventing CNAME records from resolving.

To create an Elastic IP, follow these steps:

  1. Log in to AWS Console.

  2. Navigate to EC2Elastic IPsAllocate Elastic IP address.

  3. For the Public IPv4 address pool, select Amazon’s pool of IPv4 addresses (or choose an alternate pool if appropriate for your organization).

  4. For the Network border group, select the region the instance is to run in.

  5. To allocate the elastic IP address, click Allocate.

  6. After the IP is allocated, select the new IP address and choose ActionsAssociate Elastic IP address.

  7. Select the Instance, then choose the instance running NEA Web Access.  

  8. Click Associate.

  9. Navigate to EC2Instances.

  10. On the Instances page, choose the associated instance.
    The Public IP address displays under Details.

Security Groups

To secure the instance and enable public access to the Web Access console, assign a security group that allows HTTP and HTTPS traffic.

Creating a security Group

To create a security group, follow these steps:

  1. Navigate to EC2Security GroupsCreate security group. The Create security group page appears.

  2. Enter a Security Group Name and Description, such as “Nasuni WebAccess”.

  3. For the VPC, select the VPC with the running instance.

  4. Configure Inbound rules by following these steps:

    1. Click Add rule.

    2. From the Type drop-down list, select HTTPS.

    3. From the Source drop-down list, select Anywhere IPv4.

    4. Click Add rule.

    5. From the Type drop-down list, select HTTP.

    6. From the Source drop-down list, select Anywhere IPv4.

Note: Adding HTTP does not enable HTTP access.  It enables browser redirection from HTTP to HTTPS, which can be convenient for end users.

  1. Configure Outbound rules.
    One of the security groups assigned to the instance must be configured to permit outbound access.  Refer to Firewall and Port Requirements for a restricted list of FQDNs.

  1. Click Create security group.

Assigning the security group

To assign the security group, follow these steps:

  1. Select the Instance and right-click to open the options panel.

  2. Choose SecurityChange Security Groups.

Note: An instance can have multiple security groups.  It is recommended to place security settings for public access in one group and security settings for administration or SMB/NFS connections in another.  However, all settings can be grouped together.

  1. Select the group created in the previous step and click Add security group.

  2. Click Save these changes.

Testing

Navigating to the public IP address of the NEA should now load the Web Access interface, after displaying a certificate warning.  (This assumes that a share has been enabled for Web Access on the appliance.)

SSL Certificate and FQDN

After the Web Access page loads, a signed certificate for the desired FQDN must be installed on the appliance, and the FQDN must be registered with the customer’s DNS provider.

For more information on SSL Setup, see Generating SSL CA-signed or self-signed server certificate.

Related articles