Amazon ELB for EC2 instances in private subnet in VPC
Introduction to Amazon ELB for EC2 Instances in Private Subnets
Amazon Elastic Load Balancing (ELB) is a robust service that automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses, in one or more availability zones (AZs). When setting up ELB for EC2 instances located in private subnets within a Virtual Private Cloud (VPC), it is crucial to understand how ELB operates within the architecture.
ELB Types
Amazon ELB provides three types of load balancers:
- Classic Load Balancer: Primarily used for applications built within the EC2-Classic network, offering basic load balancing across multiple EC2 instances.
- Application Load Balancer (ALB): Best for HTTP/HTTPS traffic, allows flexible application management and routing at the request level.
- Network Load Balancer (NLB): Ideal for TCP/UDP traffic, capable of handling millions of requests per second while maintaining low latencies.
For EC2 instances located in private subnets, both ALB and NLB are prime candidates due to their ability to be associated with VPCs and target private IP addresses.
Setting Up ELB in a VPC with Private Subnets
Step-by-Step Setup
- VPC and Subnet Configuration:
  - Create a VPC and define CIDR blocks as required.
  - Set up public and private subnets within the VPC.
  - Ensure that the private subnets' route tables contain no route to the internet gateway.
- Launch EC2 Instances:
  - Launch EC2 instances within the private subnets. Ensure security group rules allow inbound traffic from the load balancer.
- Create Security Groups:
  - For private EC2 instances, the security group must allow inbound traffic on the application port from the ELB security group (referencing the group, not a CIDR range).
  - Ensure the ELB security group allows traffic only from acceptable client IP ranges.
- DNS and Internal Connectivity:
  - Configure Route 53 for internal DNS resolution if private hostnames are needed.
  - Utilize VPC peering or AWS Transit Gateway for inter-VPC connectivity when required.
- ELB Configuration:
  - Navigate to the EC2 dashboard and create an ALB or NLB.
  - Attach the load balancer to the desired subnets in the VPC.
  - Configure appropriate target groups to point to the private EC2 instances.
- Health Checks:
  - Set up health checks to monitor the health of EC2 instances. These checks let ELB route traffic only to healthy instances.
- Listener and Routing Rules:
  - Define listeners that accept incoming connection requests on the chosen ports.
  - Depending on the ELB type, configure routing rules (ALB) or listener ports (NLB) to balance traffic effectively.
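The route-table and security-group checks from the steps above, written as an added audit example (not from the original article or AWS). The resource IDs, the CIDR ranges and the describe-style dictionaries are constructed samples shaped like EC2 describe-* output; the function names are my own.

```python
"""Audit a private-subnet ELB layout: IGW routes, instance SG ingress, ELB SG client ranges."""
from ipaddress import ip_network

APP_PORT = 8080  # assumed application port behind the load balancer

# Constructed sample data with hypothetical IDs, shaped like EC2 describe-* output.
ROUTE_TABLES = {
    "rtb-private": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0abc"}],
    "rtb-public": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                   {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc"}],
}
SECURITY_GROUPS = {
    "sg-elb": [{"FromPort": 443, "ToPort": 443, "IpProtocol": "tcp",
                "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []}],
    "sg-app": [{"FromPort": APP_PORT, "ToPort": APP_PORT, "IpProtocol": "tcp",
                "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-elb"}]}],
}


def private_subnet_findings(routes):
    """A private subnet's table must not send 0.0.0.0/0 to an internet gateway (igw-*)."""
    return [f"default route via {r['GatewayId']}" for r in routes
            if r.get("DestinationCidrBlock") == "0.0.0.0/0"
            and r.get("GatewayId", "").startswith("igw-")]


def instance_sg_findings(rules, elb_sg, port):
    """Instance ingress on the app port should come only from the ELB security group."""
    findings, seen_elb = [], False
    for rule in rules:
        if not rule["FromPort"] <= port <= rule["ToPort"]:
            continue  # rule does not cover the application port
        findings += [f"port {port} open to CIDR {r['CidrIp']}" for r in rule["IpRanges"]]
        for pair in rule["UserIdGroupPairs"]:
            if pair["GroupId"] == elb_sg:
                seen_elb = True
            else:
                findings.append(f"port {port} open to {pair['GroupId']}")
    if not seen_elb:
        findings.append(f"no ingress from {elb_sg} on port {port}")
    return findings


def elb_sg_findings(rules, allowed_client_cidrs):
    """Every CIDR the ELB accepts must lie inside an approved client range."""
    allowed = [ip_network(c) for c in allowed_client_cidrs]
    return [f"client range {r['CidrIp']} not approved" for rule in rules for r in rule["IpRanges"]
            if not any(ip_network(r["CidrIp"]).subnet_of(a) for a in allowed)]
```

Run the three functions over the output of describe-route-tables and describe-security-groups for the subnets and groups attached to a target group; an empty list from each means the layout matches the checklist.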
Private Subnet Considerations
- Outbound Access: Private subnets do not have direct internet access; for outbound internet access, NAT gateways or NAT instances are needed.
- Security: Instances with only private IP addresses are not reachable directly from the public internet; all inbound traffic must pass through the load balancer, which reduces their exposure.
- Latency and Resilience: Place ELBs and EC2 instances across multiple availability zones to ensure low latency and high availability.
Best Practices
- Logging and Monitoring: Enable access logs and configure CloudWatch metrics for real-time performance tracking.
- Redundancy: Ensure ELBs are distributed across multiple availability zones to prevent a single point of failure.
- Resource Scaling: Utilize Auto Scaling to adjust the number of instances in the target group dynamically based on demand.
Key Points Summary
| Key Point | Description |
| --- | --- |
| ELB Types | Classic, Application, and Network Load Balancers. |
| Traffic Distribution | Automatically distributes incoming traffic across multiple EC2 instances. |
| Health Checks | Ensure only healthy EC2 instances receive traffic. |
| Private Subnet | Does not have direct internet access; requires NAT for egress traffic. |
| Security Groups | Define rules to specify allowed traffic between ELB and instances. |
| High Availability | Deploy ELBs across multiple availability zones. |
| Scaling | Combine ELB with Auto Scaling for resource demand management. |
Conclusion
Amazon ELBs, when used with EC2 instances in private subnets, offer a scalable, secure, and efficient way to manage traffic within AWS infrastructure. By understanding the configuration steps and best practices, businesses can harness the full potential of AWS's cloud offerings to serve their application needs effectively.