Karthik tv

Reputation: 109

How to load balance AWS private subnet EC2 instances

If I create an ELB and try to attach the private subnet instances, my health check fails: OutOfService.

Question 1: Can I get an internal / private IP (not IP but DNS name) for load balancing, i.e. not accessible to the internet?

Question 2: If I have a public DNS name for my Application Load Balancer, how do I attach EC2 instances that are in my private subnet without an Elastic IP (i.e. they aren't internet accessible)? I am looking for the best approach. Should we have:

ELB --> public subnet EC2 instances (proxy configuration: `*/* [private_ip]:[port]/*`) --> service from private subnet / EC2 instance, with health checks here.

Upvotes: 0

Views: 5595

Answers (2)

John Rotenstein

Reputation: 270274

The traditional architecture is:

  • Elastic Load Balancer in public subnet
  • Amazon EC2 instances in private subnet
  • Security group on Load Balancer permitting port 80 & 443 from 0.0.0.0/0
  • Security group on instances permitting port 80 from the Load Balancer security group
  • An Amazon Route 53 Hosted Zone with a CNAME record set pointing to the DNS Name of the Load Balancer

If your instances are failing the Load Balancer health check, check the following:

  • The instances should have a security group permitting inbound access from the Load Balancer
  • The Load Balancer health check should be configured with a path to a web page to use for the health check
  • The instances should have a functioning web server that is responding to the health checks

Upvotes: 8

Yogesh_D

Reputation: 18809

If you are using an ELB, I would recommend using an Auto Scaling Group to put instances in various AZs/subnets. Look at this tutorial. The benefit of having an ASG is that you can optionally also have scale in/out policies.

The architecture that you have described is ELB (assuming this is public) -> public EC2 instances (as proxies) -> private EC2 instances.

Rather, you can have your private EC2 instances fronted with an ELB. Not sure if you really need the public EC2 instances.

If your health check is failing you need to ensure that:

a. You are creating the ELB in the right VPC.

b. The ELB -> EC2 communication is set up correctly by ensuring you have the right Security Groups in place on the EC2 instances. A highly recommended way would be to have the EC2 instance SG rules set up in such a way that they accept traffic only from the SG of the ELB.

Upvotes: 1
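Both answers come down to the same security-group chain (load balancer SG open on 80/443 to the internet, instance SG open on the health-check port only to the load balancer's SG), and a wrong instance SG is the usual reason a target shows OutOfService. The following is an added offline check, not code from either answer or from AWS: it evaluates that chain over the dict shape boto3's `describe_security_groups()` returns, using constructed sample groups with hypothetical IDs (`sg-lb`, `sg-app`, `sg-admin`); with real data you would pass in the `SecurityGroups` entries from that call.

```python
"""Offline pre-flight check for the ELB -> instance security-group chain:
LB SG open on 80/443 to 0.0.0.0/0, instance SG open on the health-check
port only to the LB SG. Works on the dict shape boto3's
describe_security_groups() returns; the sample below is constructed."""

def permits_port(sg: dict, port: int, source_sg_id: str) -> tuple[bool, list[str]]:
    """(ok, findings): ok if `sg` allows inbound TCP `port` from security
    group `source_sg_id`; findings flag rules wider than the chain needs."""
    ok, findings = False, []
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "-1"):          # "-1" means all protocols
            continue
        lo = 0 if proto == "-1" else perm.get("FromPort", 0)
        hi = 65535 if proto == "-1" else perm.get("ToPort", 65535)
        if not lo <= port <= hi:
            continue
        if any(p.get("GroupId") == source_sg_id for p in perm.get("UserIdGroupPairs", [])):
            ok = True
        for rng in perm.get("IpRanges", []):
            if rng.get("CidrIp") == "0.0.0.0/0":
                findings.append(f"{sg['GroupId']}: port {port} open to 0.0.0.0/0")
    return ok, findings

def diagnose(lb_sg: dict, app_sg: dict, health_port: int = 80) -> list[str]:
    """Return human-readable problems; an empty list means the chain looks right."""
    problems = []
    ok, findings = permits_port(app_sg, health_port, lb_sg["GroupId"])
    if not ok:
        problems.append(f"{app_sg['GroupId']} does not allow port {health_port} "
                        f"from {lb_sg['GroupId']}; health checks will be OutOfService")
    problems.extend(findings)   # instances should not be reachable except via the LB
    return problems

# Constructed sample in describe_security_groups() shape (hypothetical IDs).
LB_SG = {"GroupId": "sg-lb", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]}
APP_SG_GOOD = {"GroupId": "sg-app", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-lb"}]}]}
APP_SG_SSH_ONLY = {"GroupId": "sg-app", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-admin"}]}]}
APP_SG_TOO_OPEN = {"GroupId": "sg-app", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": [{"GroupId": "sg-lb"}]}]}

if __name__ == "__main__":
    for name, sg in [("good", APP_SG_GOOD), ("ssh-only", APP_SG_SSH_ONLY), ("too-open", APP_SG_TOO_OPEN)]:
        print(name, diagnose(LB_SG, sg) or ["OK"])
```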
