We’re trying to create a setup of multiple APIs via the Amazon AWS Elastic Beanstalk (AEB) component. The reason we have chosen AEB is because it provides seamless deployment and scaling for the applications we deploy, without the need to manually create Load Balancers (LB) and scaling rules. We would very much like to keep it this way as we are planning on launching a (large) number of applications and APIs.

However, we’re facing a number of challenges with AEB.

First and foremost, some of the APIs need to communicate internally, and low latency is a core requirement for us. In order to utilize internal network communication in AEB we have been “forced” to:

  1. Allocate a VPC in Amazon
  2. Deploy each application to this VPC - each behind their own internal LB

Now, when using the Elastic Beanstalk URLs the APIs are able to resolve the internal IP of the LB of another API and thus the latency is eliminated and all is good - the APIs can communicate with one another.

However, this spawns another issue for us: Some of these “internally” allocated APIs (remember, they’re behind an internal LB in a VPC) must also be accessible from the internet.

We still haven’t found a way to make the internal LBs internet accessible (while keeping their ability to also act as internal LB), so any help on this matter is greatly appreciated.

nover
  • possible duplicate of [Amazon ELB in VPC](http://stackoverflow.com/questions/9257514/amazon-elb-in-vpc) – kukido Jan 07 '14 at 17:37

1 Answer

  • Each application should be on a subnet within VPC
  • Update ACL and ELB Security Group to let external access

AWS Elastic Load Balancing Inside of a Virtual Private Cloud

Also, this question on SO contains relevant information: Amazon ELB in VPC

kukido
  • Thanks for your suggestion, however, the problem is that internal load balancers do not get any "internet accessible ip" assigned, which means that adding them to security groups that allow internet access will do no good :( I've talked to Amazon support and they've given some suggestions - I'll return here when I have a definite solution. – nover Jan 11 '14 at 21:17
  • @nover Interesting. Please keep us posted. – kukido Jan 11 '14 at 21:35
  • Actually, after conferring with Amazon Support and reading what you have linked to once more, I'm marking your response as answer. The key is to launch the app into a VPC with an external load balancer - Amazon handles the rest. Thanks! – nover Jan 14 '14 at 19:05
  • @nover I'm glad it helped. Thank you for posting the comment, it will go a long way! – kukido Jan 14 '14 at 20:55
  • Not sure this is the correct answer when it comes to Beanstalk. When you make a BS environment public, the DNS record for the environment resolves to a public ip address. Therefore, any other internal AWS resource that tries to access it will do so using the public ip address, meaning that the request traverses the AWS border and comes back via the public internet. – Garreth McDaid Nov 19 '15 at 11:06
  • One side effect of what @GarrethMcDaid explained is that you can't add a Lambda function to a VPC and then connect to an internet-facing ELB without setting up a NAT Gateway. Wow, that's a mouthful... and a pain to figure out. – Isaiah Turner Dec 12 '16 at 09:10
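
The interplay between load balancer scheme and security group rules discussed in the answer and its comments, as an added example that is not part of the original thread: a Python check over constructed data shaped like `describe-load-balancers` and `describe-security-groups` output. The load balancer names, security group IDs and CIDR ranges are made up, and network ACLs and route tables are not modelled.

```python
# Constructed sample data, shaped like `aws elb describe-load-balancers` and
# `aws ec2 describe-security-groups` output. All names and IDs are made up.
LOAD_BALANCERS = [
    {"LoadBalancerName": "orders-api", "Scheme": "internal",
     "SecurityGroups": ["sg-open"],
     "ListenerDescriptions": [{"Listener": {"LoadBalancerPort": 443}}]},
    {"LoadBalancerName": "public-api", "Scheme": "internet-facing",
     "SecurityGroups": ["sg-open"],
     "ListenerDescriptions": [{"Listener": {"LoadBalancerPort": 443}}]},
    {"LoadBalancerName": "partner-api", "Scheme": "internet-facing",
     "SecurityGroups": ["sg-vpc-only"],
     "ListenerDescriptions": [{"Listener": {"LoadBalancerPort": 443}}]},
]
SECURITY_GROUPS = {
    "sg-open": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
    "sg-vpc-only": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}],
}

def from_anywhere(perm):
    """True if the ingress rule names 0.0.0.0/0 as a source."""
    return any(r["CidrIp"] == "0.0.0.0/0" for r in perm.get("IpRanges", []))

def covers(perm, port):
    """True if the rule applies to this TCP port ("-1" means all protocols)."""
    return perm["IpProtocol"] == "-1" or (
        perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"])

def assess(lb, groups):
    """Report internet reachability and mismatched rules for one load balancer."""
    ports = [d["Listener"]["LoadBalancerPort"] for d in lb["ListenerDescriptions"]]
    world = [p for sg in lb["SecurityGroups"] for p in groups[sg] if from_anywhere(p)]
    open_ports = [port for port in ports if any(covers(p, port) for p in world)]
    public = lb["Scheme"] == "internet-facing"
    findings = []
    if not public and open_ports:
        findings.append("0.0.0.0/0 rule has no effect: scheme is internal")
    if public and not open_ports:
        findings.append("internet-facing, but no listener port admits 0.0.0.0/0")
    return {"name": lb["LoadBalancerName"], "findings": findings,
            "reachable_from_internet": public and bool(open_ports)}

def audit(lbs=LOAD_BALANCERS, groups=SECURITY_GROUPS):
    return [assess(lb, groups) for lb in lbs]

if __name__ == "__main__":
    print(*audit(), sep="\n")
```

The `partner-api` case corresponds to the situation in the later comments: callers inside the VPC reach an internet-facing load balancer through its public address, so a rule that only admits the VPC CIDR does not match them.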