Amazon ELB for EC2 instances in private subnet in VPC

I'm using Amazon EC2, and I want to put an internet-facing ELB (load balancer) in front of 2 instances on a private subnet. I am using a VPC with public and private subnets.

  • If I just add the private subnet to the ELB, it will not get any connections.
  • If I attach both subnets to the ELB, then it can access the instances, but it often gets time-outs. (Refer to Screenshot 1.)
  • If I attach only the public subnet, then my instance attached to the ELB gets OutOfService because I do not have any instance in the public subnet; the instance count shows 0. (Refer to Screenshot 2.)

Screenshot 1: Both subnets attached

Screenshot 2: Only public subnet attached

My question is actually an extension of this question. After following all 6 steps mentioned in the accepted answer, I am still getting stuck: my instance attached to the ELB gets OutOfService. I have even tried allowing ports in the Security Groups for the EC2 instances and the ELB, but it did not help.

Please help; I am breaking my head over this.

manish_s asked Mar 20 '14 18:03




1 Answer

The other SO question you referenced is spot on. Double/triple check the following:

  • You need to attach only public subnets to your ELB, making sure that the availability zones of those subnets are aligned with the availability zones of the private subnets that your instances are in.
  • Make sure that the security group of your instances allows access from the security group of your load balancer.
  • The load balancer security group should have an egress rule allowing the health check to reach the instance.
  • Make sure that your health check is working locally on the instance. For example, if your health check in the ELB is HTTP:8080/health_check, on the instance you can curl x.x.x.x:8080/health_check (where x.x.x.x is the private IP of the instance) and get a 200 response code.
  • The public subnet routing table should route 0.0.0.0/0 to the internet gateway attached to your VPC.
  • The private subnet routing table should route 0.0.0.0/0 to a NAT instance or gateway in a public subnet.
Ben Whaley answered Oct 13 '22 20:10
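The checklist in the answer above, turned into a small audit script. This is an added example, not code from the original post or from AWS: it takes data shaped like the boto3 `describe_subnets`, `describe_route_tables`, `describe_security_groups`, `describe_instances` and (classic ELB) `describe_load_balancers` responses and reports which of the listed conditions fail. The subnet, route-table, security-group and instance identifiers and the sample data are constructed for the example; the `audit` function and the `Finding` type are names chosen here, not part of any library. The constructed data reproduces the question's failing layout (ELB attached only to a public subnet in one AZ, instances in a private subnet in another AZ) beside a corrected layout.

```python
"""Audit a classic ELB that fronts instances in private subnets.

Checks (from the accepted answer): every ELB subnet is public (its route
table sends 0.0.0.0/0 to an igw-*); every AZ holding a backend instance has
an ELB subnet; the instance security group admits the ELB security group on
the health-check port; every instance subnet has a NAT default route.
All data below is constructed for this example; IDs are hypothetical.
"""
from collections import namedtuple

Finding = namedtuple("Finding", "severity message")


def route_table_for(subnet_id, route_tables):
    """Route table explicitly associated with subnet_id, else the VPC main table."""
    main = {}
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def default_route_target(rt):
    """Target of the 0.0.0.0/0 route: igw-*, nat-* or i-* (NAT instance), or None."""
    for route in rt.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route.get("GatewayId") or route.get("NatGatewayId") or route.get("InstanceId")
    return None


def is_public_subnet(subnet_id, route_tables):
    target = default_route_target(route_table_for(subnet_id, route_tables))
    return bool(target) and target.startswith("igw-")


def has_nat_default_route(subnet_id, route_tables):
    target = default_route_target(route_table_for(subnet_id, route_tables))
    return bool(target) and (target.startswith("nat-") or target.startswith("i-"))


def sg_allows_from_sg(sg, source_sg_id, port):
    """True if `sg` has an inbound TCP (or all-traffic) rule from source_sg_id covering port."""
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "-1"):
            continue
        in_range = proto == "-1" or perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)
        if in_range and any(p.get("GroupId") == source_sg_id for p in perm.get("UserIdGroupPairs", [])):
            return True
    return False


def audit(elb, instances, subnets, route_tables, security_groups):
    """Return a list of Finding for each condition in the answer that is violated."""
    findings = []
    subnet_az = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}
    sgs = {g["GroupId"]: g for g in security_groups}
    # HealthCheck Target looks like "HTTP:8080/health_check" or "TCP:80"
    hc_port = int(elb["HealthCheck"]["Target"].split(":")[1].split("/")[0])

    for sid in elb["Subnets"]:
        if not is_public_subnet(sid, route_tables):
            findings.append(Finding("error", f"ELB subnet {sid} is not public (no igw-* default route)"))

    elb_azs = {subnet_az[s] for s in elb["Subnets"]}
    for inst in instances:
        az = subnet_az[inst["SubnetId"]]
        if az not in elb_azs:
            findings.append(Finding("error", f"instance {inst['InstanceId']} is in {az}, which has no ELB subnet"))
        if not has_nat_default_route(inst["SubnetId"], route_tables):
            findings.append(Finding("warn", f"subnet {inst['SubnetId']} has no NAT default route"))
        if not any(sg_allows_from_sg(sgs[g["GroupId"]], elb_sg, hc_port)
                   for g in inst["SecurityGroups"] for elb_sg in elb["SecurityGroups"]):
            findings.append(Finding("error", f"SGs of {inst['InstanceId']} do not admit the ELB SG on port {hc_port}"))
    return findings


# Constructed sample data (hypothetical IDs) reproducing the question's layout.
SUBNETS = [
    {"SubnetId": "subnet-pub1a", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-pub1b", "AvailabilityZone": "us-east-1b"},
    {"SubnetId": "subnet-priv1b", "AvailabilityZone": "us-east-1b"},
]
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-pub1a"}, {"SubnetId": "subnet-pub1b"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"Associations": [{"SubnetId": "subnet-priv1b"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
]
SECURITY_GROUPS = [
    {"GroupId": "sg-elb", "IpPermissions": []},
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "UserIdGroupPairs": [{"GroupId": "sg-elb"}]}]},
]
INSTANCES = [{"InstanceId": "i-0web1", "SubnetId": "subnet-priv1b",
              "SecurityGroups": [{"GroupId": "sg-web"}]}]
# Screenshot 2 layout: public subnet only, but in the wrong AZ.
BROKEN_ELB = {"Subnets": ["subnet-pub1a"], "SecurityGroups": ["sg-elb"],
              "HealthCheck": {"Target": "HTTP:8080/health_check"}}
# Private subnet attached directly: the ELB has no internet path.
PRIVATE_ONLY_ELB = dict(BROKEN_ELB, Subnets=["subnet-priv1b"])
# Corrected: public subnet in the same AZ as the private instance subnet.
FIXED_ELB = dict(BROKEN_ELB, Subnets=["subnet-pub1b"])

if __name__ == "__main__":
    for name, elb in (("broken", BROKEN_ELB), ("private-only", PRIVATE_ONLY_ELB), ("fixed", FIXED_ELB)):
        print(name, audit(elb, INSTANCES, SUBNETS, ROUTE_TABLES, SECURITY_GROUPS) or "OK")
```

Against a real account, the five inputs come straight from the corresponding boto3 EC2 and ELB `describe_*` calls (for the classic ELB, `describe_load_balancers()["LoadBalancerDescriptions"][0]`); the audit itself stays offline. Note that the route-table check treats a missing explicit association as falling back to the main table, which is where many "private" subnets accidentally end up public when the main table carries the igw route.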