Create an internal Classic Load Balancer
You can create an internal load balancer to distribute traffic to your EC2 instances
from clients with access to the VPC for the load balancer.
Prerequisites
-
If you have not yet created a VPC for your load balancer, you must create it before you get started.
For more information, see Prepare your VPC and EC2 instances.
-
Launch the EC2 instances that you plan to register with your internal load balancer.
Ensure that you launch them in private subnets in the VPC intended for the load balancer.
Create an internal load balancer using the AWS Management Console
- New EC2 experience
-
Use the following procedure to create your internal Classic Load Balancer. Provide basic configuration information for your load balancer, such as a name and scheme. Then provide information about your network and the listener that routes traffic to your instances.
To create an internal Classic Load Balancer
-
Open the Amazon EC2 console at
https://console.aws.amazon.com/ec2/.
-
On the navigation bar, choose a Region for your load balancer. Be sure to select
the same Region that you selected for your EC2 instances.
-
On the navigation pane, under Load Balancing, choose
Load Balancers.
-
Choose Create Load Balancer.
-
Expand the Classic Load Balancer section, then choose Create.
-
Basic configuration
-
For Load balancer name, type a name for your load
balancer.
The name of your Classic Load Balancer must be unique within your set of Classic Load Balancers for the
Region, can have a maximum of 32 characters, can contain only alphanumeric
characters and hyphens, and must not begin or end with a hyphen.
-
For Scheme, select Internal.
-
Network mapping
-
For VPC, select the same VPC that you selected for your
instances.
-
For Mappings, first select an Availability Zone, then choose a
subnet from its available subnets. You can only select one subnet per Availability Zone.
To improve the availability of your load balancer, select more than one Availability Zone and subnet.
-
For Security groups, select an existing security group that is
configured to allow the required HTTP traffic on port 80. Or you can create a new security group if your application
uses different protocols and ports.
-
Listeners and routing
-
For Listener, ensure the protocol is HTTP and the port is 80.
-
For Instance, ensure the protocol is HTTP and the port is 80.
-
Health checks
-
For Ping Protocol, the default is HTTP.
-
For Ping Port, the default is 80.
-
For Ping Path, the default is /.
-
For Advanced health check settings, use the default values or enter values specific to your application.
-
Instances
-
Select Add instances to bring up the instance selection screen.
-
Under Available instances, you can select from the current instances
that are available to the load balancer, based on the network settings selected before.
-
After you're satisfied with your selections, select Confirm to add the
instances to be registered to the load balancer.
-
Attributes
-
For Enable cross-zone load balancing, Enable connection draining, and Timeout (draining interval), keep the default values.
-
Load balancer tags (optional)
-
The Key field is required.
-
The Value field is optional.
-
To add another tag, select Add new tag, then enter your values in the
Key field and, optionally, the Value field.
-
To remove an existing tag, select Remove next to the tag you want to remove.
-
Summary and creation
-
If you need to change any settings, select Edit next to the setting
that you want to change.
-
After you're satisfied with all the settings shown in the summary, select Create
load balancer to begin creation of your load balancer.
-
On the final creation page, select View load balancer to view your load balancer in the Amazon EC2 console.
-
Verify
-
Select your new load balancer.
-
On the Target instances tab, check the Health status column. After
at least one of your EC2 instances is In-service, you can test your load balancer.
-
In the Details section, copy the load balancer's DNS name,
which looks similar to my-load-balancer-1234567890.us-east-1.elb.amazonaws.com.
-
Paste your load balancer's DNS name into the address field of a public internet-connected
web browser. If your load balancer is functioning correctly, you will see the default page
of your server.
-
Delete (optional)
-
If you have a CNAME record for your domain that points to your load balancer, point it to a new location
and wait for the DNS change to take effect before deleting your load balancer.
-
Open the Amazon EC2 console at
https://console.aws.amazon.com/ec2/.
-
Select the load balancer.
-
Choose Actions, Delete load balancer.
-
When prompted for confirmation, type confirm, then select Delete.
-
After you delete a load balancer, the EC2 instances that were registered with the load balancer continue
to run. You will be billed for each partial or full hour that they continue running. When you no longer
need an EC2 instance, you can stop or terminate it to prevent incurring additional charges.
- Old EC2 experience
-
By default, Elastic Load Balancing creates an internet-facing load balancer. Use
the following procedure to create an internal load balancer and register your EC2
instances with the newly created internal load balancer.
To create an internal load balancer
-
Open the Amazon EC2 console at
https://console.aws.amazon.com/ec2/.
-
On the navigation pane, under Load Balancing, choose
Load Balancers.
-
Choose Create Load Balancer.
-
For Select load balancer type, choose Classic Load Balancer.
-
On the Define Load Balancer page, do the following:
-
For Load Balancer name, type a name for your load balancer.
The name of your Classic Load Balancer must be unique within your set of Classic Load Balancers for the Region, can have a maximum of 32 characters,
can contain only alphanumeric characters and hyphens, and must not begin or end with a hyphen.
-
For Create LB inside, select a VPC for your load balancer.
-
Choose Create an internal load balancer.
-
[Default VPC] If you selected a default VPC and would like to select subnets for your load balancer,
choose Enable advanced VPC configuration.
-
Leave the default listener configuration.
-
For Available subnets, select at least one available
subnet using its add icon. The subnet is moved under Selected subnets.
To improve the availability of your load balancer, select more than one subnet.
If you selected a default VPC as your network, but did not select Enable advanced
VPC configuration, you do not have the option to select subnets.
You can attach at most one subnet per Availability Zone.
If you select a subnet from an Availability Zone where there is already an attached subnet,
this subnet replaces the currently attached subnet for the Availability Zone.
-
Choose Next: Assign Security Groups.
-
On the Assign Security Groups page, choose
Create a new security group. Enter a name and description
for your security group, or leave the default name and description. This new
security group contains a rule that allows traffic to the port that you
configured your load balancer to use. If you will use a different port for the
health checks, you must choose Add Rule to add a rule that
allows inbound traffic to that port as well. Choose Next: Configure
Security Settings.
-
On the Configure Security Settings page, choose
Next: Configure Health Check to continue to the next step.
If you prefer to create an HTTPS load balancer, see
HTTPS listeners for your Classic Load Balancer.
-
On the Configure Health Check page, configure the
health check settings that your application requires, and then choose
Next: Add EC2 Instances.
-
On the Add EC2 Instances page, select the instances to register with your
load balancer, and then choose Next: Add Tags.
When you register an instance with an elastic network interface (ENI)
attached, the load balancer routes traffic to the primary IP address of the
primary interface (eth0) of the instance.
-
(Optional) You can add tags to your load balancer. When you are finished adding tags,
choose Review and Create.
-
On the Review page, check your settings. If you need to
make changes, choose the corresponding link to edit the settings. When you are finished,
choose Create.
-
After you are notified that your load balancer was created, choose Close.
-
Select your new load balancer.
-
On the Description tab, note that
DNS name and Scheme indicate
that the load balancer is internal.
Check the Status row. If it indicates that some of your
instances are not in service, it's probably because they are still
in the registration process. For more information, see Troubleshoot a Classic Load Balancer: Instance registration.
Create an internal load balancer using the AWS CLI
By default, Elastic Load Balancing creates an internet-facing load balancer. Use
the following procedure to create an internal load balancer and register your EC2
instances with the newly created internal load balancer.
To create an internal load balancer
-
Use the create-load-balancer command with the --scheme option set to internal, as follows:
aws elb create-load-balancer --load-balancer-name my-internal-loadbalancer \
    --listeners Protocol=HTTP,LoadBalancerPort=80,InstanceProtocol=HTTP,InstancePort=80 \
    --subnets subnet-4e05f721 \
    --scheme internal --security-groups sg-b9ffedd5
The following is an example response. Note that the name indicates that this is an internal
load balancer.
{
    "DNSName": "internal-my-internal-loadbalancer-786501203.us-west-2.elb.amazonaws.com"
}
-
Use the following register-instances-with-load-balancer command to add instances:
aws elb register-instances-with-load-balancer --load-balancer-name my-internal-loadbalancer \
    --instances i-4f8cf126 i-0bb7ca62
The following is an example response:
{
    "Instances": [
        {
            "InstanceId": "i-4f8cf126"
        },
        {
            "InstanceId": "i-0bb7ca62"
        }
    ]
}
-
(Optional) Use the following describe-load-balancers command to verify the internal load balancer:
aws elb describe-load-balancers --load-balancer-name my-internal-loadbalancer
The response includes the DNSName and Scheme fields, which
indicate that this is an internal load balancer.
{
    "LoadBalancerDescriptions": [
        {
            ...
            "DNSName": "internal-my-internal-loadbalancer-1234567890.us-west-2.elb.amazonaws.com",
            "SecurityGroups": [
                "sg-b9ffedd5"
            ],
            "Policies": {
                "LBCookieStickinessPolicies": [],
                "AppCookieStickinessPolicies": [],
                "OtherPolicies": []
            },
            "LoadBalancerName": "my-internal-loadbalancer",
            "CreatedTime": "2014-05-22T20:32:19.920Z",
            "AvailabilityZones": [
                "us-west-2a"
            ],
            "Scheme": "internal",
            ...
        }
    ]
}
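Added example, not part of the original AWS page: because the default scheme is internet-facing, this Python check validates a proposed name against the naming rule given above and audits describe-load-balancers JSON for load balancers that were meant to be internal. The function names, the expected_internal parameter, and the second sample record (including its sg-EXAMPLE placeholder) are assumptions constructed for illustration.

```python
import json
import re

# Naming rule stated on this page: at most 32 characters, alphanumerics and
# hyphens only, and no hyphen at the start or end.
NAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,30}[A-Za-z0-9])?")

def valid_name(name):
    return NAME_RE.fullmatch(name) is not None

def audit_internal(describe_json, expected_internal):
    """Return (name, problem) pairs for load balancers that must be internal."""
    seen, findings = set(), []
    for lb in json.loads(describe_json)["LoadBalancerDescriptions"]:
        name = lb["LoadBalancerName"]
        if name not in expected_internal:
            continue
        seen.add(name)
        if lb.get("Scheme") != "internal":
            findings.append((name, "Scheme is %s, not internal" % lb.get("Scheme")))
        if not lb.get("DNSName", "").startswith("internal-"):
            findings.append((name, "DNSName lacks the internal- prefix"))
        if not lb.get("SecurityGroups"):
            findings.append((name, "no security group attached"))
    # An expected load balancer that is absent from the response is also a finding.
    for name in sorted(set(expected_internal) - seen):
        findings.append((name, "not found in the response"))
    return findings

# Constructed sample in the shape of `aws elb describe-load-balancers` output.
# The first record mirrors the page's response; the second is hypothetical and
# models a load balancer created without --scheme internal.
SAMPLE = json.dumps({"LoadBalancerDescriptions": [
    {"LoadBalancerName": "my-internal-loadbalancer",
     "DNSName": "internal-my-internal-loadbalancer-1234567890.us-west-2.elb.amazonaws.com",
     "Scheme": "internal", "SecurityGroups": ["sg-b9ffedd5"]},
    {"LoadBalancerName": "my-other-loadbalancer",
     "DNSName": "my-other-loadbalancer-1234567890.us-west-2.elb.amazonaws.com",
     "Scheme": "internet-facing", "SecurityGroups": ["sg-EXAMPLE"]},
]})

if __name__ == "__main__":
    expected = ["my-internal-loadbalancer", "my-other-loadbalancer"]
    for name, problem in audit_internal(SAMPLE, expected):
        print("%s: %s" % (name, problem))
```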