Amazon ELB for EC2 instances in private subnet in VPC
I'm using Amazon EC2, and I want to put an internet-facing ELB (load balancer) to 2 instances on a private subnet. I am using VPC with public and private subnets.
- If I just add the private subnet to the ELB, it will not get any connections.
- If I attach both subnets to the ELB then it can access the instances, but it often will get time-outs. (Refer Screenshot 1)
- If I attach to only public subnet then my instance attached to ELB gets OutOfService because I do not have any instance in the Public Subnet, instance count shows 0. (Refer Screenshot 2)
Screenshot 1: Both subnets attached
Screenshot 2: Only public subnet attached
My question is actually an extension to this question. After following all 6 steps mentioned in the accepted answer, I am still getting struck, my instance attached to ELB gets OutOfService. I have even tried with allowing ports in the Security Groups for EC2 instances and ELB, but it did not help.
Please help, I am breaking my head with this.
Answer
The other SO question you referenced is spot on. Double/Triple check the following
- You need to attach only public subnets to your ELB, making sure that the availability zones those subnets are aligned with the availability zones of the private subnets that your instances are in.
- Make sure that the security group of your instances allows access from the security group of your load balancer
- The load balancer security group should have an egress rule allowing the health check to reach the instance
- Make sure that your health check is working locally on the instance. For example, if your health check in the ELB is
HTTP:8080/health_check, on the instance you cancurl x.x.x.x:8080/health_check(wherex.x.x.xis the private IP of the instance) and get a 200 response code. - The public subnet routing table should route
0.0.0.0/0to the internet gateway attached to your VPC. - The private subnet routing table should route
0.0.0.0/0to a NAT instance or gateway in a public subnet