
AWS NLB in public subnets with EC2 in private subnets


Introduction

Amazon Web Services (AWS) provides a suite of load balancing solutions to meet various needs for scale, fault tolerance, and security. Among these, the Network Load Balancer (NLB) is designed to handle sudden and volatile traffic patterns, while maintaining low latencies. In certain architectures, AWS recommends deploying NLBs in public subnets while the connected Amazon EC2 instances remain in private subnets. This approach enhances security by restricting direct access to the instances from the internet, while still providing the necessary accessibility and load distribution.

Understanding AWS NLB and Subnet Architecture

Network Load Balancer (NLB)

An AWS Network Load Balancer operates at the connection level (Layer 4), forwarding TCP and TLS connections to a target group; its forwarding decisions use only IP and port information, not the content of the traffic. Key features include:

  • Static IP Addresses: Provides a single static IP per Availability Zone or an Elastic IP (EIP), enhancing ease of configuration and reliability.
  • High throughput: Capable of managing millions of requests per second while maintaining ultra-low latencies.
  • Zonal Isolation: Designed for continuous operation through any infrastructure impairments within a single zone.

Public and Private Subnets

AWS defines subnets as public or private based on their routing and accessibility:

  • Public Subnet: A subnet whose traffic is routed to an internet gateway. Instances in a public subnet can have direct access to the internet.
  • Private Subnet: A subnet whose route table has no route to an internet gateway. Instances here cannot directly access the internet.

Deployment Architecture

Architecture Overview

Here's a high-level look at how a Network Load Balancer in a public subnet interacts with EC2 instances in private subnets:

  1. Network Load Balancer (NLB): Deployed across multiple public subnets for availability; it is the component that receives inbound traffic from the internet.
  2. EC2 Instances: Hosted within private subnets, these instances receive traffic only from the NLB.
  3. Routing Configuration: Route tables and security groups configured so that traffic flows from the internet to the NLB and on to the instances, while the instances themselves accept no direct internet connections.

Technical Configuration

To set this up, you must perform the following:

  1. Create Public and Private Subnets: In your VPC, create separate subnets designated as public and private. Associate them with the appropriate route tables.
  2. Configure the NLB:
    • Ensure the NLB is associated with each public subnet and has a listener configured.
    • Assign an EIP to the NLB if specific IP addresses are required for inbound traffic.
  3. Security Groups and Network ACLs:
    • Create security groups for your NLB and EC2 instances, ensuring that only the necessary ports are open (e.g., ports 80 and 443).
    • Configure NACLs to allow ingress traffic to the NLB and necessary egress traffic from the instances.
  4. Test and Monitor:
    • Use AWS CloudWatch and other AWS monitoring tools to track performance metrics and ensure your system responds to traffic changes.
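To verify an existing VPC against the layout described in the steps above, here is an added Python example (not code from the page or from AWS) that audits route tables and security groups in the shape returned by `aws ec2 describe-route-tables` and `describe-security-groups`: NLB subnets must carry an internet gateway route, instance subnets must not, and instance security groups must not admit the listener ports from 0.0.0.0/0 or ::/0. All subnet, gateway and security-group IDs are constructed, and a subnet with no explicit route-table association is assumed to use a private main table.

```python
"""Offline check that a VPC layout follows the NLB-public / EC2-private pattern.
Input dicts mirror `aws ec2 describe-route-tables` / `describe-security-groups` output; sample data is constructed."""

def subnet_is_public(subnet_id, route_tables):
    """Public = the subnet's route table has a 0.0.0.0/0 route via an internet gateway (igw-*)."""
    for rt in route_tables:
        if any(a.get("SubnetId") == subnet_id for a in rt.get("Associations", [])):
            return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
                       and r.get("GatewayId", "").startswith("igw-")
                       for r in rt.get("Routes", []))
    return False  # assumption: no explicit association means the (private) main table applies

def sg_open_to_internet(sg, ports):
    """True if any ingress rule admits 0.0.0.0/0 or ::/0 on one of the listener ports."""
    for perm in sg.get("IpPermissions", []):
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)  # IpProtocol "-1" omits ports
        cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])] + \
                [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
        if any(lo <= p <= hi for p in ports) and ("0.0.0.0/0" in cidrs or "::/0" in cidrs):
            return True
    return False

def audit(nlb_subnets, instance_subnets, instance_sgs, route_tables, ports):
    """Return a list of findings; an empty list means the layout matches the pattern."""
    findings = []
    for s in nlb_subnets:
        if not subnet_is_public(s, route_tables):
            findings.append(f"NLB subnet {s} has no internet gateway route")
    for s in instance_subnets:
        if subnet_is_public(s, route_tables):
            findings.append(f"instance subnet {s} is public")
    for sg in instance_sgs:
        if sg_open_to_internet(sg, ports):
            findings.append(f"instance security group {sg['GroupId']} is open to the internet")
    return findings

# Constructed sample: one public subnet (IGW default route), one private subnet (NAT default route).
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-public-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"Associations": [{"SubnetId": "subnet-private-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
]
OPEN_SG = {"GroupId": "sg-open", "IpPermissions": [    # exposes 443 to the whole internet
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
TIGHT_SG = {"GroupId": "sg-tight", "IpPermissions": [  # 443 only from the NLB's own SG (constructed id)
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "UserIdGroupPairs": [{"GroupId": "sg-nlb"}]}]}
```

The tight sample rule references the NLB's own security group rather than a CIDR: with client IP preservation enabled, the instance sees the client's source address, so a CIDR rule scoped to the NLB subnet would not admit that traffic.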

Advantages and Considerations

Advantages

  • Enhanced Security: EC2 instances are not directly exposed to the internet, reducing the attack surface.
  • Scalability: AWS NLB seamlessly manages traffic spikes and a high number of requests.
  • Resilience: With deployment across multiple public subnets and the use of static and Elastic IPs, NLBs maintain high availability.

Considerations

  • Cost: Usage of EIPs and data transfer between public and private subnets may incur additional costs.
  • Complexity: Designing effective routing and security configurations requires a strong understanding of AWS networking.

Summary Table

Component        Description
NLB              Manages traffic, offering a static IP and high throughput
Public Subnet    Hosts the NLB, with direct routing to an Internet Gateway
Private Subnet   Hosts EC2 instances without direct internet access
Security         Enhanced through the private subnet architecture and carefully configured security groups
Monitoring       Use AWS tools like CloudWatch for performance monitoring

Conclusion

Deploying an AWS Network Load Balancer in public subnets with EC2 instances in private subnets provides robust scalability and security for your applications. Understanding the intricacies of AWS networking ensures optimal configuration and the ability to handle variable traffic seamlessly. Proper planning and architecture design are crucial to leveraging the benefits of this setup while ensuring cost-effectiveness and operational efficiency.
