Nguyen Anh Tuan

Reputation: 1

How to access resources in a private EC2 instance via ELB?

I have an example diagram below, and a scenario.

Suppose I deployed and ran a web server (with NodeJS) in both EC2 instances and used load balancing for request distribution. EBS is used to store the application and S3 is used to store the system's files and users' files.

  1. Is the diagram correct?
  2. I start a node server, and it's OK. Following AWS networking concepts, an EC2 instance in a private subnet cannot be accessed by outbound requests, but it can get resources via the NAT Gateway, so which component or service should I install to make this private EC2 instance reachable?
  3. An Application Load Balancer can help outbound requests reach the private EC2 instance, can't it?

P.S.: If my design has any issues that must be improved, please tell me.

I expect that when requests are coming in my system, the ALB can distribute them to all available EC2 instances.

My design diagram

Upvotes: 0

Views: 249

Answers (1)

Mark B

Reputation: 200562

> Is the diagram correct?

No, the Application Load Balancer needs to be in VPC subnets, not just in the VPC.

> I start a node server, and it's OK. Following AWS networking concepts, an EC2 instance in a private subnet cannot be accessed by outbound requests, but it can get resources via the NAT Gateway, so which component or service should I install to make this private EC2 instance reachable?

An Application Load Balancer that is placed in public subnets.

> An Application Load Balancer can help outbound requests reach the private EC2 instance, can't it?

Your terminology is incorrect here. When you send a request from your local computer to the AWS environment, from the perspective of the AWS resources this is an incoming request. The public load balancer will receive the incoming request and distribute it to one of the EC2 instances.

When you do something like a curl command, or run something like yum or apt to install updates on your EC2 instance, those applications would be making outgoing requests. Those requests would go through the NAT Gateway to get to the Internet.

Upvotes: 2
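
The layout described in the answer can be verified from route tables. The following is an added example, not part of the original question or answer: it classifies each subnet by its default route and flags an internet-facing load balancer outside public subnets, or an instance that is public or lacks a NAT route. The sample data is constructed in the shape of boto3 `describe_route_tables` and `describe_load_balancers` output, and every ID and function name is an assumption.

```python
# Constructed sample data shaped like boto3 describe_route_tables() and
# describe_load_balancers() output; every ID below is made up.
DEFAULT = "0.0.0.0/0"
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-pub-a"}, {"SubnetId": "subnet-pub-b"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": DEFAULT, "GatewayId": "igw-0example"}]},
    {"Associations": [{"SubnetId": "subnet-priv-a"}, {"SubnetId": "subnet-priv-b"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": DEFAULT, "NatGatewayId": "nat-0example"}]},
]
LOAD_BALANCER = {"Scheme": "internet-facing", "AvailabilityZones": [
    {"SubnetId": "subnet-pub-a"}, {"SubnetId": "subnet-pub-b"}]}
INSTANCES = [{"InstanceId": "i-0example1", "SubnetId": "subnet-priv-a"},
             {"InstanceId": "i-0example2", "SubnetId": "subnet-priv-b"}]

def classify_subnets(route_tables):
    """Map subnet ID -> 'public', 'private-nat' or 'isolated' by default route.
    Only explicit associations are handled; subnets that fall back to the
    VPC's main route table are not resolved here."""
    kinds = {}
    for table in route_tables:
        kind = "isolated"
        for route in table["Routes"]:
            if route.get("DestinationCidrBlock") != DEFAULT:
                continue
            if route.get("GatewayId", "").startswith("igw-"):
                kind = "public"        # incoming requests can be routed here
            elif "NatGatewayId" in route:
                kind = "private-nat"   # outgoing requests only, via the NAT
        for assoc in table.get("Associations", []):
            if "SubnetId" in assoc:
                kinds[assoc["SubnetId"]] = kind
    return kinds

def audit(route_tables, load_balancer, instances):
    """Return findings where the layout departs from the answer's design."""
    kinds = classify_subnets(route_tables)
    findings = []
    if load_balancer["Scheme"] == "internet-facing":
        for zone in load_balancer["AvailabilityZones"]:
            if kinds.get(zone["SubnetId"]) != "public":
                findings.append(f"ALB subnet {zone['SubnetId']} is not public")
    for inst in instances:
        kind = kinds.get(inst["SubnetId"])
        if kind == "public":
            findings.append(f"{inst['InstanceId']} is in a public subnet")
        elif kind != "private-nat":
            findings.append(f"{inst['InstanceId']} has no NAT route")
    return findings
```

An empty list from `audit(ROUTE_TABLES, LOAD_BALANCER, INSTANCES)` means the load balancer is in public subnets and every instance sits in a private subnet with a NAT route.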
