Elastic Load Balancing both internal and internet-facing

engma picture engma · Apr 12, 2016 · Viewed 17.3k times · Source

We are trying to use Elastic Load Balancing in AWS with auto-scaling so we can scale in and out as needed.

Our application consists of several smaller applications, they are all on the same subnet and the same VPC.

We want to put our ELB between one of our apps and the rest.

Problem is we want the load balancer to be working both internally between different apps using an API and also internet-facing because our application still has some usage that should be done externally and not through the API.

I've read this question but I could not figure out exactly how to do it from there, it does not really specify any steps or maybe I did understand it very well.

Can we have an ELB that is both internal and external?

For the record, I can only access this network through a VPN.

Answer

Matt Houser picture Matt Houser · Apr 13, 2016

It is not possible to for an Elastic Load Balancer to have both a public IP address and a private IP address. It is one or the other, but not both.

If you want your ELB to have a private IP address, then it cannot listen to requests from the internet.

If your ELB is public-facing, you can still call to it from your internal EC2 instances using the public endpoint. However, there are some caveats that goes with this:

  • The traffic will exit your VPC and re-enter it. It will not be direct instance-to-ELB connection that a private IP address will afford you.
  • You also cannot use security groups in your security group rules.

There are 3 alternative scenarios:

  1. Duplicate the ELB and EC2 instances, one dedicated to private traffic, one dedicated to public traffic.
  2. Have 2 ELBs (one public, one private) that share the same back-end EC2 instances.
  3. Don't use an ELB for either private or public traffic, and instead use an Elastic IP address (if public) or a private IP address (if private) on a single EC2 instance.