Elastic Load Balancing
Developer Guide (API Version 2012-06-01)

Create a Basic Internal Load Balancer in Amazon VPC

You can make your load balancer internal (private) or Internet-facing (public) when creating it within a VPC. When you make your load balancer internal, a DNS name is created that resolves to the private IP address of the load balancer. An internal load balancer is not exposed to the Internet. When you make your load balancer Internet-facing, a DNS name is created that resolves to the public IP address. The DNS records are publicly resolvable in both cases. For information on using both internal and Internet-facing load balancers to support a multi-tier architecture, see Internet-facing and Internal Load Balancers.

This topic uses an example to walk you through the process for creating a basic internal load balancer within your VPC and registering your EC2 instances with the newly created internal load balancer. This example uses the default configurations for the security group, the listener protocols and ports, and the health check. If you want to create an Internet-facing load balancer, see Create a Basic Load Balancer in EC2-VPC.

When you create your internal load balancer, you can optionally assign tags for your load balancer. Tags help you to categorize your load balancers in different ways, for example, by purpose, owner, or environment. For more information, see Tagging.

If you have not yet created your VPC environment for using an internal load balancer, create one before you proceed further. For information about creating a VPC environment, see Configure Amazon VPC for Elastic Load Balancing.

The following task list gives you a general overview of what you'll need to create a basic internal load balancer in Amazon VPC. Then you'll step through detailed procedures for each part of the creation process.

Creating a Basic Internal Load Balancer in VPC

  1. Configure the listeners for your load balancer by specifying the ports and protocols to use for the front-end connection (client to load balancer) and the back-end connection (load balancer to back-end instance).

  2. Configure a health check for your Amazon EC2 back-end instances.

  3. Select the subnets in which to launch your load balancer.

  4. Select security groups to assign to your load balancer.

  5. Add Amazon EC2 instances to your load balancer.

  6. [optional] Add tags to your load balancer.

  7. Review settings.

  8. Create your load balancer.

You can choose to create your load balancer in EC2-VPC using the AWS Management Console, the AWS command line interface (AWS CLI), or the Query API.

Using the AWS Management Console

To create a basic internal load balancer in VPC

  1. Start the Create Load Balancer wizard:

    1. On the Amazon EC2 console Resources page, in the EC2 Dashboard pane, under NETWORK & SECURITY, click Load Balancers.

      [Screenshot: EC2 Console]

    2. On the Load Balancers page, click Create Load Balancer.

  2. On the Define Load Balancer page, enter a name for your Amazon VPC load balancer (e.g., my-internal-loadbalancer).

    The load balancer name you choose must be unique within your set of load balancers, must have a maximum of 32 characters, and must only contain alphanumeric characters or hyphens.

  3. In the Create LB inside list, select the Amazon VPC in which you want to create your load balancer.

  4. If it is not already selected, select the Create an internal load balancer check box.

  5. Leave the Listener Configuration set to the default value.

    [Screenshot: Internal load balancer listener configuration]

  6. Click Continue to configure the health check for your instances.

  7. On the Configure Health Check page, configure the health check settings that your application requires.

  8. Click Continue to select the subnet in which you want to launch your load balancer instance.

  9. On the Select Subnets page, in the Available Subnets table, click the button in the Action column to select a subnet in which to create your internal load balancer.

    Your selected subnets are displayed in the Selected Subnets table.

    [Screenshot: Selected Subnets]

  10. Click Continue to select a security group to assign to your load balancer.

  11. This tutorial uses the default security group associated with your virtual private cloud.

    On the Assign Security Groups page, click Select an existing security group and then select the default VPC security group.

  12. If you use a pre-existing security group, ensure that it allows ingress to the ports that you configured the load balancer to use. If you create a security group in this step, the console will define these ports to be open for you.

    [Screenshot: Select security groups]

  13. Click Continue to register EC2 instances with your load balancer.

  14. On the Add EC2 Instances page, in the Add Instances to Load Balancer table, select the boxes in the Instance column to register instances with your load balancer.

    [Screenshot: Add Amazon EC2 Instances]

    Note

    When you register a multi-homed instance (an instance that has an elastic network interface (ENI) attached) with your load balancer, the load balancer will route traffic to the primary IP address of the instance (eth0). For more information on using ENIs, go to Elastic Network Interfaces.

    When you stop and then start your back-end EC2 instances associated with your load balancer, we recommend that you de-register your stopped instance from your load balancer, and then re-register the restarted instance. Failure to do so may prevent the load balancer from routing the traffic to the restarted instance. For procedures associated with de-registering and then registering your instances with your load balancer, see Deregister and Register Amazon EC2 Instances.

  15. Click Continue to set tags for your load balancer.

  16. If you do not want to assign tags to your load balancer at this time, skip this step and click Continue to review the details of your load balancer.

    Otherwise, on the Add Tags page, specify a key and a value for the tag.

  17. To add multiple tags, click Create Tag and continue to specify key and value for the tags.

    [Screenshot: ELB Tags]

  18. After you are done adding tags for your load balancer, click Continue to review the details of your load balancer.

  19. On the Review page of the Create Load Balancer wizard, check your settings. You can make changes by clicking the edit link for each setting.

  20. Click Create to create your load balancer.

  21. The Create Load Balancer wizard displays the status of your newly created load balancer. Click Close after confirming that your load balancer was successfully created.

  22. Your new load balancer is listed on the Load Balancers page. Select the check box next to your load balancer.

  23. The bottom pane displays the description of your load balancer. Verify that the description matches your specifications. Note that the DNS name and the description in the row titled Scheme both indicate that your newly created load balancer is internal.

    [Screenshot: Load Balancer Description]

Using the AWS Command Line Interface

Important

The Elastic Load Balancing CLI has been replaced by the AWS Command Line Interface (AWS CLI), a unified tool to manage multiple AWS services. New features released after ELB CLI version 1.0.35.0 (dated 7/24/14) will be included in the AWS CLI only. We recommend that you start using the AWS CLI.

For a list of the functionality supported in previous ELB CLI versions, see Elastic Load Balancing API Tools.

Before you get started, make sure that you have installed and configured your AWS CLI environment. For more information, see Getting Set Up with the AWS Command Line Interface.

By default, Elastic Load Balancing creates an Internet-facing load balancer with a publicly resolvable DNS name that resolves to public IP addresses. You can choose to create an internal load balancer with a DNS name that resolves to private IP addresses.

This example walks you through the process for creating a basic HTTP internal load balancer on Amazon VPC and registers Amazon EC2 instances with the newly created VPC load balancer. This example uses a default security group that is open to the Internet on port 80.

To create a basic internal load balancer in EC2-VPC

  1. Enter the create-load-balancer command as in the following example.

    aws elb create-load-balancer --load-balancer-name my-internal-loadbalancer \
      --listeners Protocol=HTTP,LoadBalancerPort=80,InstanceProtocol=HTTP,InstancePort=80 \
      --subnets subnet-4e05f721 --scheme internal --security-groups sg-b9ffedd5 \
      --tags Key=department,Value=digital-media

    Note

    Use the --scheme option to create an internal load balancer. You need not specify this option if you're creating an Internet-facing (public) load balancer.

    --tags is an optional parameter. Omit this option if you do not want to assign tags to your load balancer at this time.

  2. Elastic Load Balancing returns the following:

    {
        "DNSName": "internal-my-internal-loadbalancer-786501203.us-east-1.elb.amazonaws.com"
    }

To register your Amazon EC2 instances with your VPC load balancer

You should only register instances that are in the Pending or Running state and are in an Amazon VPC.

  • Enter the register-instances-with-load-balancer command as in the following example.

    aws elb register-instances-with-load-balancer --load-balancer-name my-internal-loadbalancer --instances i-4f8cf126 i-0bb7ca62

    Elastic Load Balancing returns the following:

    {
        "Instances": [
            {
                "InstanceId": "i-4f8cf126"
            },
            {
                "InstanceId": "i-0bb7ca62"
            }
        ]
    }

    Note

    When you register a multi-homed instance (an instance that has an elastic network interface (ENI) attached) with your load balancer, the load balancer will route traffic to the primary IP address of the instance (eth0). For more information on using ENIs, go to Elastic Network Interfaces.

    When you stop and then start your back-end EC2 instances associated with your load balancer, we recommend that you de-register your stopped instance from your load balancer, and then re-register the restarted instance. Failure to do so may prevent the load balancer from routing the traffic to the restarted instance. For procedures associated with de-registering and then registering your instances with your load balancer, see Deregister and Register Amazon EC2 Instances.

To verify that an internal load balancer was created

  1. Enter the describe-load-balancers command as in the following example.

    aws elb describe-load-balancers --load-balancer-name my-internal-loadbalancer

  2. Elastic Load Balancing returns the following:

    {
        "LoadBalancerDescriptions": [
            {
                "Subnets": [
                    "subnet-4e05f721"
                ],
                "CanonicalHostedZoneNameID": "Z3DZXE0Q79N41H",
                "VPCId": "vpc-5ba9473e",
                "ListenerDescriptions": [
                    {
                        "Listener": {
                            "InstancePort": 80,
                            "LoadBalancerPort": 80,
                            "Protocol": "HTTP",
                            "InstanceProtocol": "HTTP"
                        },
                        "PolicyNames": []
                    }
                ],
                "HealthCheck": {
                    "HealthyThreshold": 10,
                    "Interval": 30,
                    "Target": "TCP:80",
                    "Timeout": 5,
                    "UnhealthyThreshold": 2
                },
                "BackendServerDescriptions": [],
                "Instances": [
                    {
                        "InstanceId": "i-4f8cf126"
                    },
                    {
                        "InstanceId": "i-0bb7ca62"
                    }
                ],
                "DNSName": "internal-my-internal-loadbalancer-786501203.us-east-1.elb.amazonaws.com",
                "SecurityGroups": [
                    "sg-b9ffedd5"
                ],
                "Policies": {
                    "LBCookieStickinessPolicies": [],
                    "AppCookieStickinessPolicies": [],
                    "OtherPolicies": []
                },
                "LoadBalancerName": "my-internal-loadbalancer",
                "CreatedTime": "2014-05-22T20:32:19.920Z",
                "AvailabilityZones": [
                    "us-east-1"
                ],
                "Scheme": "internal",
                "SourceSecurityGroup": {
                    "OwnerAlias": "803981987763",
                    "GroupName": "ELB Security Group"
                }
            }
        ]
    }

Note that both the DNS name and the entry in the Scheme field indicate that the load balancer is internal.
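The verification step above is easy to do by eye for one load balancer; the following script, an added example that is not part of the AWS documentation, automates it by parsing describe-load-balancers output and reporting any deviation from what you intended (scheme, DNS name prefix, subnets, security groups, listeners, registered instances). It also applies the load balancer name rule stated in the console procedure. The embedded sample JSON is a constructed, trimmed copy of the output shown above.

```python
"""Check that a described ELB is the internal load balancer you meant to create."""
import json
import re
import sys

# Constructed sample, trimmed from the describe-load-balancers output on this page.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({"LoadBalancerDescriptions": [{
    "LoadBalancerName": "my-internal-loadbalancer",
    "Scheme": "internal",
    "DNSName": "internal-my-internal-loadbalancer-786501203.us-east-1.elb.amazonaws.com",
    "Subnets": ["subnet-4e05f721"],
    "SecurityGroups": ["sg-b9ffedd5"],
    "ListenerDescriptions": [{"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80,
                                           "InstanceProtocol": "HTTP", "InstancePort": 80}}],
    "Instances": [{"InstanceId": "i-4f8cf126"}, {"InstanceId": "i-0bb7ca62"}],
}]})

# Name rule from the console procedure: 1-32 chars, alphanumeric or hyphens only.
NAME_RE = re.compile(r"^[A-Za-z0-9-]{1,32}$")


def valid_lb_name(name):
    """Return True if the name satisfies the ELB name rule."""
    return bool(NAME_RE.match(name))


def check_internal_lb(describe_json, name, subnets, security_groups, instances, listeners):
    """Return a list of findings; an empty list means the description matches expectations.

    listeners is a list of (Protocol, LoadBalancerPort, InstanceProtocol, InstancePort)."""
    descs = [d for d in json.loads(describe_json)["LoadBalancerDescriptions"]
             if d.get("LoadBalancerName") == name]
    if not descs:
        return ["load balancer %s not found in output" % name]
    d, findings = descs[0], []
    if d.get("Scheme") != "internal":
        findings.append("Scheme is %r, expected 'internal'" % d.get("Scheme"))
    if not d.get("DNSName", "").startswith("internal-"):
        findings.append("DNSName %r lacks the internal- prefix" % d.get("DNSName"))
    if set(d.get("Subnets", [])) != set(subnets):
        findings.append("Subnets %s differ from expected %s" % (d.get("Subnets"), subnets))
    if set(d.get("SecurityGroups", [])) != set(security_groups):
        findings.append("SecurityGroups %s differ from expected %s" % (d.get("SecurityGroups"), security_groups))
    missing = set(instances) - {i["InstanceId"] for i in d.get("Instances", [])}
    if missing:
        findings.append("instances not registered: %s" % sorted(missing))
    got = {(l["Listener"]["Protocol"], l["Listener"]["LoadBalancerPort"],
            l["Listener"]["InstanceProtocol"], l["Listener"]["InstancePort"])
           for l in d.get("ListenerDescriptions", [])}
    if got != set(listeners):
        findings.append("listeners %s differ from expected %s" % (sorted(got), sorted(listeners)))
    return findings
```

To use it against a real account, pipe `aws elb describe-load-balancers --load-balancer-name my-internal-loadbalancer` into a small wrapper that reads stdin and calls check_internal_lb with the values you passed to create-load-balancer.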

Using the Query API

By default, Elastic Load Balancing creates an Internet-facing load balancer with a publicly resolvable DNS name that resolves to public IP addresses. You can choose to create an internal load balancer with a DNS name that resolves to private IP addresses.

This example walks you through the process for creating a basic HTTP internal load balancer on Amazon VPC and registers Amazon EC2 instances with the newly created VPC load balancer. This example uses a default security group.

To create a basic internal load balancer in EC2-VPC

  1. Use the CreateLoadBalancer action and specify the following parameters:

    • Subnets = subnet-4e05f721

    • Scheme = internal

      Note

      Use this parameter to create an internal load balancer. You need not specify this parameter if you're creating an Internet-facing load balancer.

    • Listener

      • Protocol = HTTP

      • InstanceProtocol = HTTP

      • InstancePort = 80

      • LoadBalancerPort = 80

    • LoadBalancerName = my-internal-loadbalancer

      The load balancer name you choose must be unique within your set of load balancers, must have a maximum of 32 characters, and must only contain alphanumeric characters or hyphens.

    • SecurityGroups = sg-b9ffedd5

    • Tags.member.1.Key = department

      Tags.member.1.Value = digital-media

      Note

      Tags is an optional parameter. Omit it if you do not want to assign tags to your load balancer at this time.

  2. The operation returns the DNS name of your load balancer. You can then map any other domain name (such as www.example.com) to your load balancer's DNS name using CNAME or some other technique.

To register your Amazon EC2 instances with your VPC load balancer

You should only register instances that are in the Pending or Running state and are in an Amazon Virtual Private Cloud (VPC).

  • Use the RegisterInstancesWithLoadBalancer action and specify the following parameters:

    • LoadBalancerName = my-internal-loadbalancer

    • Instances.member.1 = i-4f8cf126

      Instances.member.2 = i-0bb7ca62

    Note

    When you register a multi-homed instance (an instance that has an elastic network interface (ENI) attached) with your load balancer, the load balancer will route traffic to the primary IP address of the instance (eth0). For more information on using ENIs, go to Elastic Network Interfaces.

    When you stop and then start your back-end EC2 instances associated with your load balancer, we recommend that you de-register your stopped instance from your load balancer, and then re-register the restarted instance. Failure to do so may prevent the load balancer from routing the traffic to the restarted instance. For procedures associated with de-registering and then registering your instances with your load balancer, see Deregister and Register Amazon EC2 Instances.

To verify that an internal load balancer was created

  1. Use the DescribeLoadBalancers action and specify the following parameter:

    • LoadBalancerName = my-internal-loadbalancer

  2. The operation returns the description of your load balancer. The description in the Scheme field indicates that your newly created load balancer is internal.