Whitelist Elastic Load Balancer based on IP [closed]
Is there any common method to provide people the pool of IP addresses my ELB uses?
Yes, ELB is built upon EC2 and AWS publishes a list of all public IP ranges in use by specific regions. It should be safe to assume that every IP your ELB could use will fall within the published range for its region.
These IP ranges are subject to change without notice, but AWS maintains a current list in a JSON format that can be used to maintain the white-list automatically.
On the other hand, this is kind of redundant as the whole point of DNS is to provide a current list of IPs associated with a hostname.
Or is that ridiculous and they'd just have to use some solution which can whitelist DNS addresses?
It's not entirely ridiculous that they can't white-list a hostname, as any firewall solution which supports that would have to either resolve the DNS hostname to an IP at runtime and then respect the TTL to keep this list up to date, or else function at layer 7 and inspect the Host HTTP header field.
What is somewhat unusual is that they want to white-list outbound connections; it's more common to want to white-list inbound connections (such as when you're trying to access their API), in which case you can assign the instances behind your ELB an EIP so when your application servers initiate an outbound connection they have a static IP (although doing this can get in the way of auto scaling).
In general ELB isn't intended to be a silver bullet for everyone; it makes compromises that deliver significant benefits (such as transparent scaling) for 90% of use cases at the expense of a minority of would-be users. If you really need a static IP for your load balancer then OpsWorks makes orchestrating HAProxy almost as easy.
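One way to keep such a white-list in step with the published JSON, as an added example that is not part of the original answer: it filters the list by region and service, merges adjacent ranges, and reports which firewall entries to add or remove. The function names and the embedded sample are constructed for illustration; the sample follows the layout of AWS's `ip-ranges.json` but uses documentation-range addresses.

```python
import ipaddress
import json

# Constructed sample in the layout of AWS's published ip-ranges.json
# (documentation-range addresses, not real AWS prefixes).
SAMPLE = json.loads("""
{
  "syncToken": "1700000000",
  "createDate": "2023-11-14-22-13-20",
  "prefixes": [
    {"ip_prefix": "198.51.100.0/25",   "region": "us-east-1", "service": "EC2"},
    {"ip_prefix": "198.51.100.128/25", "region": "us-east-1", "service": "EC2"},
    {"ip_prefix": "198.51.100.0/24",   "region": "us-east-1", "service": "AMAZON"},
    {"ip_prefix": "203.0.113.0/24",    "region": "eu-west-1", "service": "EC2"},
    {"ip_prefix": "192.0.2.0/24",      "region": "us-east-1", "service": "S3"}
  ]
}
""")


def region_allowlist(doc, region, service="EC2"):
    """Return merged IPv4 CIDRs published for one region and service."""
    nets = [
        ipaddress.ip_network(p["ip_prefix"])
        for p in doc.get("prefixes", [])
        if p["region"] == region and p["service"] == service
    ]
    # collapse_addresses merges adjacent/overlapping ranges to keep the rule set small
    return list(ipaddress.collapse_addresses(nets))


def diff_allowlist(current_rules, doc, region, service="EC2"):
    """Compare the firewall's current CIDR strings with the published list."""
    published = {str(n) for n in region_allowlist(doc, region, service)}
    current = set(current_rules)
    return {
        "add": sorted(published - current),
        "remove": sorted(current - published),  # stale ranges widen the allow-list
        "sync_token": doc["syncToken"],  # store this; skip work when unchanged
    }


if __name__ == "__main__":
    print(region_allowlist(SAMPLE, "us-east-1"))
    print(diff_allowlist(["198.51.100.0/25", "192.0.2.0/24"], SAMPLE, "us-east-1"))
```

A rule set built this way permits traffic to every EC2-hosted address in the region, not only to the ELB in question, so it is far broader than a per-host rule.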