
Gerard Rambles


Rants, DevOps, and maybe something useful?


NGINX Proxying AWS ELB

I ran into an interesting issue the other day. If you’ve used any AWS service that is addressed by DNS name, especially ELBs, you’ll notice that the IPs behind the name change fairly frequently. This seems to happen as AWS scales up or down based on demand. Normally this would not be an issue, but some software does not respect DNS TTLs. As it turns out, NGINX is one of them: it does not re-resolve the upstream name unless you pay for NGINX Plus. I don’t know about you but that seems silly for something that should work.

The key setting here is the resolver directive, which makes NGINX honor the TTL of the DNS answer. Alternatively, its valid parameter overrides the TTL with whatever cache time you choose. For example, I chose to have it re-check every 10 seconds.

server {
  resolver 172.17.0.2 valid=10s;
  resolver_timeout 10s;
}

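In addition to the above, the ELB address has to be set as a variable inside the location block, and that variable used in proxy_pass. The behavior changes when proxy_pass contains a variable: NGINX looks the name up through the resolver while handling requests instead of only once when the configuration is loaded.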

location / {
  set $awsilb "internal-web-gateway-1695990257.us-east-1.elb.amazonaws.com";
  proxy_pass http://$awsilb:8080;
}

This slight tweak will keep you from having to put together some hacky methods or paying for NGINX Plus!
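To find the same problem elsewhere in a configuration, here is an added example (not code from the original post) that flags proxy_pass targets whose hostname is only resolved when the config is loaded, and variable targets with no resolver in any enclosing block. The function name, finding codes and sample hostnames are assumptions made for illustration, and a variable target is flagged conservatively even though it could hold an IP address.

```python
import re

# Constructed sample config (not from the original page); hostnames are placeholders.
SAMPLE = """\
server {
  set $awsilb "my-elb.example.com";
  location /a {
    proxy_pass http://my-elb.example.com:8080;
  }
  location /b {
    proxy_pass http://$awsilb:8080;
  }
}
server {
  location / {
    set $awsilb "my-elb.example.com";
    proxy_pass http://$awsilb:8080;
  }
  resolver 172.17.0.2 valid=10s;
}
"""
# Targets that never need DNS: unix sockets, bracketed IPv6, dotted IPv4.
NO_DNS = re.compile(r"unix:|\[[0-9a-fA-F:.]+\]|[\d.]+")

def lint_proxy_dns(conf):
    """Return (line_no, code) findings; assumes one directive per line."""
    stack, passes, upstreams = [{"resolver": False}], [], set()
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if m := re.match(r"upstream\s+(\S+)\s*\{", line):
            upstreams.add(m.group(1))
        if re.match(r"resolver\s", line):
            stack[-1]["resolver"] = True  # applies to this block and nested ones
        if m := re.match(r"proxy_pass\s+\w+://([^/;\s]+)", line):
            passes.append((no, m.group(1), list(stack)))
        if line.endswith("{"):
            stack.append({"resolver": False})
        elif line.startswith("}") and len(stack) > 1:
            stack.pop()
    findings = []
    for no, target, scope in passes:
        host = re.sub(r":\d+$", "", target)
        if "$" in host:  # variable target: resolved per request, needs a resolver
            if not any(frame["resolver"] for frame in scope):
                findings.append((no, "no-resolver"))
        elif host not in upstreams and not NO_DNS.fullmatch(host):
            findings.append((no, "static-dns"))
    return findings
```

On the sample, line 4 is reported as static-dns and line 7 as no-resolver, while the second server block passes because its resolver directive covers the nested location.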