Amazon ELB for EC2 instances in private subnet in VPC

Question

I\'m using Amazon EC2, and I want to put an internet-facing ELB (load balancer) to 2 instances on a private subnet. I am using VPC with public and private subnets.

Answer 1

The other SO question you referenced is spot on. Double/Triple check the following

• You need to attach only public subnets to your ELB, making sure that the availability zones those subnets are aligned with the availability zones of the private subnets that your instances are in.
• Make sure that the security group of your instances allows access from the security group of your load balancer
• The load balancer security group should have an egress rule allowing the health check to reach the instance
• Make sure that your health check is working locally on the instance. For example, if your health check in the ELB is HTTP:8080/health_check, on the instance you can curl x.x.x.x:8080/health_check (where x.x.x.x is the private IP of the instance) and get a 200 response code.
• The public subnet routing table should route 0.0.0.0/0 to the internet gateway attached to your VPC.
• The private subnet routing table should route 0.0.0.0/0 to a NAT instance or gateway in a public subnet

Answer 2

The other SO question helped me as well. For me I kept forgetting that I needed to install software to server (i.e Apache) and if you don't create a NAT GW or some other method to allow software installs it will fail. If you want to try an automated fashion w/o much hassle, you can try a script:

https://github.com/jouellnyc/AWS/tree/master/create_aws_vpc3

Note there's plenty of good docs and discussions already but:

HTTP codes I got from the ELB:

• 504 - Probably security groups - allow access to the port 80 of the instances
• 503 - Probably the wrong target group setup
• 502 - Probably Apache/Server not running b/c it’s not installed because there's no nat gw or method to install software.