Reputation: 1
How to make public facing ELB, private?
Below is the elastic load balancer, taken from here:
"ElasticLoadBalancer": {
"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
"Properties": {
"CrossZone": "false",
"SecurityGroups": [ { "Ref": "ElbSecurityGroup" } ],
"Listeners": [
{
"LoadBalancerPort": "80",
"InstancePort": "8080",
"Protocol": "http"
}
],
"Instances": [ { "Ref": "EC2Instance"} ],
"Subnets": [ { "Ref": "SubnetId"} ]
}
}
where ELB is behaving as public facing resource for Jenkins(running in EC2).
EC2 instance running Jenkins is also sitting in public subnet.
Currently ELB is public facing to Internet.
How to make ELB privately accessible within company network only? Because ELB is generally used as public facing resource.
Upvotes: 1
Views: 2280
Answers (2)
Reputation: 1
If the company network is outside AWS cloud besides making the load balancer private by setting up the scheme property to "internal", you will need to set up a vpn between you company network and the AWS VPC + subnetwork where the jenkins EC2 instance is located.
https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-internal-load-balancers.html https://aws.amazon.com/es/vpn/
Upvotes: 0
Reputation: 8593
There should be scheme property you should be able to set the value to internal
After that, you should be able to restrict access to the company subnets using security groups.
Reference:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-elb.html
Schema parameter The type of load balancer. Valid only for load balancers in a VPC.
If Scheme is internet-facing, the load balancer has a public DNS name that resolves to a public IP address.
If Scheme is internal, the load balancer has a public DNS name that resolves to a private IP address.
Hope you find this answer helpful.
Upvotes: 3
Related Questions
- How can I make ECR private repo public?
- How do you make your AWS ELB internal in a AWS Cloudformation template?
- Publicly accessible Elasticsearch instance using CloudFormation template
- How do allow inbound traffic only from ELB?
- How can i create an internal ELB with security groups?
- Allow HTTP Access to AWS instances only through ELB
- Public ELB accessible only from API Gateway
- How to create ElasticBeanstalk environment with non-public load balancer with Terraform
- How do I assign a created SecurityGroup to an ELB from CloudFormation?
- Possible to create a private node behind an ELB?