I'm configuring internet-facing load balancing on my AWS deployment and there's one issue I can't seem to get. I understand that ELB uses DNS records to load balance between the IPs of the instances, but do I have to assign elastic (public) IP addresses to my web servers? If I want to load balance between 10 internet-facing web servers, do I really need 10 elastic IPs? Or is there a way to use ELB with one elastic IP and one DNS record?

Thanks!

Harnik

1 Answer

Your instances do not need their own elastic IPs; they don't need any kind of public IP, and, typically, they should not even be in a public subnet. Only the ELB itself needs to be in a public subnet.

The ELB does not use your elastic IPs, even if they are present. An ELB deployment provides you with a hostname that is used to route inbound requests, using either a CNAME or a Route 53 Alias DNS record.

Note also, with your web server machines in private subnets, you'll need a properly-configured NAT instance and routing tables in order for those machines to make outbound requests (e.g. to other web services, downloading updates, etc.). This provisioning also has the advantage of providing all your web servers with one (or one per availability zone) source IP address for their originated traffic, which can be useful if someone you are making API requests to wants to whitelist your IP address.

Michael - sqlbot
  • And you need a NAT instance in a public subnet with proper routing if you want to give internet access FROM your webservers. ( For example to call 3rd party webservices.) – Adam Ocsvari Jun 22 '15 at 17:09
  • @AdamOcsvari that's true. I overlooked mentioning one of the fundamentals. Edited. – Michael - sqlbot Jun 22 '15 at 21:07
  • Personally, I prefer for the load balanced servers to either only be accessible via the load balancer, or via a private (internal) request. – Rick Buford Jun 23 '15 at 01:39
  • @RickBuford agreed. That's what this answer intends to communicate. Have I left that ambiguous? The NAT instance is to allow the web servers to make any necessary *outbound* requests (only). – Michael - sqlbot Jun 23 '15 at 10:58
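The layout the answer describes (internet-facing ELB in public subnets, web servers in private subnets with no public IP, a NAT default route so they can still make outbound requests) can be checked mechanically. The script below is an added example, not code from the question or answer: it classifies subnets from route-table data in the shape returned by `aws ec2 describe-route-tables`, then flags instances and load balancers that break the pattern. The resource IDs, addresses and hostname in the sample data are constructed placeholders, and the "isolated" case (a subnet with no default route at all) is handled because that is exactly the misconfiguration the NAT comment in the thread warns about.

```python
"""Audit a VPC layout for: ELB public, web servers private, NAT for egress.

Input dicts mirror the shape of `aws ec2 describe-route-tables`,
`aws ec2 describe-instances` (flattened) and `aws elb describe-load-balancers`.
The sample data at the bottom is constructed for this example.
"""


def default_route_target(route_table):
    """Return the target of the active 0.0.0.0/0 route, or None if absent."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") != "active":
            continue
        # A default route may point at an internet gateway, a NAT gateway,
        # or (for a NAT instance) an instance / network interface.
        for key in ("GatewayId", "NatGatewayId", "InstanceId", "NetworkInterfaceId"):
            if route.get(key):
                return route[key]
    return None


def classify_subnets(route_tables, subnet_ids):
    """Map each subnet to 'public', 'private' or 'isolated'.

    public   - default route via an internet gateway (igw-*)
    private  - default route via a NAT gateway or NAT instance
    isolated - no default route, so no outbound internet at all
    Subnets without an explicit association fall back to the main table.
    """
    main_table = None
    explicit = {}
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main_table = rt
            elif assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = rt

    result = {}
    for subnet_id in subnet_ids:
        rt = explicit.get(subnet_id, main_table)
        target = default_route_target(rt) if rt else None
        if target is None:
            result[subnet_id] = "isolated"
        elif target.startswith("igw-"):
            result[subnet_id] = "public"
        else:
            result[subnet_id] = "private"
    return result


def audit(route_tables, instances, load_balancers):
    """Return a list of findings; an empty list means the layout matches."""
    subnet_ids = {i["SubnetId"] for i in instances}
    for lb in load_balancers:
        subnet_ids.update(lb["Subnets"])
    kind = classify_subnets(route_tables, subnet_ids)

    findings = []
    for inst in instances:
        iid, sid = inst["InstanceId"], inst["SubnetId"]
        if inst.get("PublicIpAddress"):
            findings.append(f"{iid}: has public IP {inst['PublicIpAddress']}; web servers behind the ELB should not")
        if kind[sid] == "public":
            findings.append(f"{iid}: sits in public subnet {sid}; move it behind the ELB into a private subnet")
        elif kind[sid] == "isolated":
            findings.append(f"{iid}: subnet {sid} has no NAT default route; outbound requests (updates, APIs) will fail")
    for lb in load_balancers:
        if lb.get("Scheme") == "internet-facing":
            for sid in lb["Subnets"]:
                if kind[sid] != "public":
                    findings.append(f"{lb['LoadBalancerName']}: internet-facing ELB attached to non-public subnet {sid}")
    return findings


# Constructed sample data; every ID and address is a placeholder.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": "subnet-pub-a"}, {"SubnetId": "subnet-pub-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"SubnetId": "subnet-priv-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-natinstance"}]},
    # Main table has only the local route: unassociated subnets are isolated.
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]
INSTANCES = [
    {"InstanceId": "i-web1", "SubnetId": "subnet-priv-a"},                                     # correct
    {"InstanceId": "i-web2", "SubnetId": "subnet-pub-a", "PublicIpAddress": "203.0.113.10"},   # public: wrong
    {"InstanceId": "i-web3", "SubnetId": "subnet-priv-b"},                                     # no NAT route
]
LOAD_BALANCERS = [
    {"LoadBalancerName": "web-elb", "Scheme": "internet-facing",
     "DNSName": "web-elb-0000.us-east-1.elb.amazonaws.com",
     "Subnets": ["subnet-pub-a", "subnet-pub-b"]},
]

if __name__ == "__main__":
    for line in audit(ROUTE_TABLES, INSTANCES, LOAD_BALANCERS):
        print(line)
```

Against the sample data the script reports `i-web2` twice (public IP and public subnet) and `i-web3` once (isolated subnet), while `i-web1` and the ELB pass. To run it against a real account, feed it the `RouteTables` array from `describe-route-tables`, the flattened `Instances` from `describe-instances` and the `LoadBalancerDescriptions` from `describe-load-balancers`.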