We are trying to use Elastic Load Balancing in AWS with auto-scaling so we can scale in and out as needed. Our application consists of several smaller applications, they are all on the same subnet and the same VPC. We want to put our ELB between one of our apps and the rest. Problem is we want the load balancer to be working both internally between different apps using an API and also internet-facing because our application still has some usage that should be done externally and not through the API. I've read this question but I could not figure out exactly how to do it from there, it does not really specify any steps or maybe I did understand it very well. Can we have an ELB that is both internal and external? For the record, I can only access this network through a VPN.

It is not possible to for an Elastic Load Balancer to have both a public IP address and a private IP address. It is one or the other, but not both. If you want your ELB to have a private IP address, then it cannot listen to requests from the internet. If your ELB is public-facing, you can still call to it from your internal EC2 instances using the public endpoint. However, there are some caveats that goes with this: <ul> <li>The traffic will exit your VPC and re-enter it. It will not be direct instance-to-ELB connection that a private IP address will afford you. </li> <li>You also cannot use security groups in your security group rules.</li> </ul> There are 3 alternative scenarios: <ol> <li>Duplicate the ELB and EC2 instances, one dedicated to private traffic, one dedicated to public traffic.</li> <li>Have 2 ELBs (one public, one private) that share the same back-end EC2 instances.</li> <li>Don't use an ELB for either private or public traffic, and instead use an Elastic IP address (if public) or a private IP address (if private) on a single EC2 instance.</li> </ol>

I disagree with @MattHouser answer. Actually, in a VPC, your ELB have all its internal interfaces listed in Network Interfaces with Public IP AND Primary private IP. I've tested the private IP of my public ELB and it's working exactly like the external one. The problem is : theses IPs are not listed anywhere in a up to date manner like on a private ELB DNS. So you have to do it by yourself. I've made a little POC script on this, with an internal Route53 hosted zone : https://gist.github.com/darylounet/3c6253c60b7dc52da927b80a0ae8d428

Elastic Load Balancing both internal and internet-facing

Tags:

We are trying to use Elastic Load Balancing in AWS with auto-scaling so we can scale in and out as needed.

Our application consists of several smaller applications, they are all on the same subnet and the same VPC.

We want to put our ELB between one of our apps and the rest.

Problem is we want the load balancer to be working both internally between different apps using an API and also internet-facing because our application still has some usage that should be done externally and not through the API.

I've read this question but I could not figure out exactly how to do it from there, it does not really specify any steps or maybe I did understand it very well.

Can we have an ELB that is both internal and external?

For the record, I can only access this network through a VPN.

927

asked Apr 12 '16 21:04

engma

2 Answers

It is not possible to for an Elastic Load Balancer to have both a public IP address and a private IP address. It is one or the other, but not both.

If you want your ELB to have a private IP address, then it cannot listen to requests from the internet.

If your ELB is public-facing, you can still call to it from your internal EC2 instances using the public endpoint. However, there are some caveats that goes with this:

The traffic will exit your VPC and re-enter it. It will not be direct instance-to-ELB connection that a private IP address will afford you.
You also cannot use security groups in your security group rules.

There are 3 alternative scenarios:

Duplicate the ELB and EC2 instances, one dedicated to private traffic, one dedicated to public traffic.
Have 2 ELBs (one public, one private) that share the same back-end EC2 instances.
Don't use an ELB for either private or public traffic, and instead use an Elastic IP address (if public) or a private IP address (if private) on a single EC2 instance.

113

answered Jan 29 '23 11:01

Matt Houser

I disagree with @MattHouser answer. Actually, in a VPC, your ELB have all its internal interfaces listed in Network Interfaces with Public IP AND Primary private IP. I've tested the private IP of my public ELB and it's working exactly like the external one.

The problem is : theses IPs are not listed anywhere in a up to date manner like on a private ELB DNS. So you have to do it by yourself.

I've made a little POC script on this, with an internal Route53 hosted zone : https://gist.github.com/darylounet/3c6253c60b7dc52da927b80a0ae8d428

answered Jan 29 '23 12:01

DaryL

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With

Elastic Load Balancing both internal and internet-facing

Tags:

engma

People also ask

2 Answers

Matt Houser

DaryL

Recent Activity

Donate For Us

Elastic Load Balancing both internal and internet-facing

Tags:

engma

People also ask

2 Answers

Matt Houser

DaryL

Related questions

Recent Activity

Donate For Us