 

When using an internet facing ELB, do all of the instances behind the load-balancer have to have their own public IPs?

I'm configuring internet facing load balancing on my AWS deployment and there's one issue I can't seem to get. I understand that ELB uses DNS records to load balance between the IPs of the instances, but do I have to assign elastic (public) IP addresses to my web servers? If I want to load balance between 10 internet facing web servers, do I really need 10 elastic IPs? Or is there a way to use ELB with one elastic IP and one DNS record?

Thanks!

Harnik asked Jun 22 '15 08:06


People also ask

Does ELB need public subnet?

You need to attach only public subnets to your ELB, making sure that the availability zones of those subnets are aligned with the availability zones of the private subnets that your instances are in.

How many IPs does an ELB use?

The load balancer has one IP address per enabled Availability Zone. These are the addresses of the load balancer nodes.

Does ELB Change IPs?

The short answer: Yes, ELB's IP addresses (both the ones that are publicly distributed to clients of your service, and the internal IPs from which ELB sends traffic to your instances) dynamically change.

Do load balancers have IP addresses AWS?

The nodes of an internal load balancer have only private IP addresses. The DNS name of an internal load balancer is publicly resolvable to the private IP addresses of the nodes. Therefore, internal load balancers can only route requests from clients with access to the VPC for the load balancer.


1 Answer

Your instances do not need their own elastic IPs; they don't need any kind of public IP, and, typically, they should not even be in a public subnet. Only the ELB itself needs to be in a public subnet.

The ELB does not use your elastic IPs, even if they are present. An ELB deployment provides you with a hostname that is used to route inbound requests, using either a CNAME or a Route 53 Alias DNS record.

Note also, with your web server machines in private subnets, you'll need a properly-configured NAT instance and routing tables in order for those machines to make outbound requests (e.g. to other web services, downloading updates, etc). This provisioning also has the advantage of providing all your web servers with one (or one per availability zone) source IP address for their originated traffic, which can be useful if someone you are making API requests to wants to whitelist your IP address.

See also:

  • Why do we need private subnets in VPC?

  • AWS public subnet autoscaling group with outbound NAT (this applies to servers behind ELB whether or not you're using auto-scaling).

Michael - sqlbot answered Nov 15 '22 03:11
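The layout described in the answer can be checked mechanically. The following is an added example, not part of the original answer: a small Python audit that flags web servers with public IPs or in public subnets, ELB subnets without an internet gateway route, private subnets with no NAT route, and availability zone mismatches. The inventory format, resource ids and the `audit` function are assumptions constructed for illustration, not output from any AWS API.

```python
# Constructed inventory for illustration; not output from any AWS API.
# Route table id -> target kind of its 0.0.0.0/0 route ("igw", "nat" or None).
ROUTES = {"rtb-public": "igw", "rtb-priv-a": "nat", "rtb-priv-b": "nat"}
# Subnet id -> (availability zone, route table id).
SUBNETS = {
    "subnet-pub-a": ("us-east-1a", "rtb-public"),
    "subnet-pub-b": ("us-east-1b", "rtb-public"),
    "subnet-priv-a": ("us-east-1a", "rtb-priv-a"),
    "subnet-priv-b": ("us-east-1b", "rtb-priv-b"),
}
ELB_SUBNETS = ["subnet-pub-a", "subnet-pub-b"]
INSTANCES = [
    {"id": "i-web1", "subnet": "subnet-priv-a", "public_ip": None},
    {"id": "i-web2", "subnet": "subnet-priv-b", "public_ip": None},
]


def default_route(subnet_id, subnets, routes):
    """Return the default-route target kind for the subnet's route table."""
    return routes.get(subnets[subnet_id][1])


def audit(elb_subnets, instances, subnets, routes):
    """Return a list of findings; an empty list means the layout matches the answer."""
    findings = []
    # Only the load balancer belongs in subnets that route to an internet gateway.
    for sid in elb_subnets:
        if default_route(sid, subnets, routes) != "igw":
            findings.append(f"{sid}: ELB subnet is not public")
    elb_azs = {subnets[sid][0] for sid in elb_subnets}
    for inst in instances:
        sid = inst["subnet"]
        target = default_route(sid, subnets, routes)
        if inst["public_ip"]:
            findings.append(f"{inst['id']}: has public IP {inst['public_ip']}")
        if target == "igw":
            findings.append(f"{inst['id']}: sits in public subnet {sid}")
        elif target != "nat":
            findings.append(f"{inst['id']}: no NAT route for outbound traffic")
        # The ELB only has nodes in the zones of its attached subnets.
        if subnets[sid][0] not in elb_azs:
            findings.append(f"{inst['id']}: AZ {subnets[sid][0]} not enabled on the ELB")
    return findings


if __name__ == "__main__":
    for line in audit(ELB_SUBNETS, INSTANCES, SUBNETS, ROUTES) or ["layout OK"]:
        print(line)
```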