Elastic Load Balancing
Developer Guide (API Version 2012-06-01)

Create a Basic Internal Load Balancer in Amazon VPC

When you create a load balancer within a VPC, you can make it internal (private) or Internet-facing (public). When you make your load balancer internal, a DNS name is created that contains the private IP address of the load balancer. An internal load balancer is not exposed to the Internet. When you make your load balancer Internet-facing, a DNS name is created with the public IP address. The DNS records are publicly resolvable in both cases. For information on using both internal and Internet-facing load balancers to support a multiple-tier architecture, see Internet-facing and Internal Load Balancers.

This topic uses an example to walk you through the process for creating a basic internal load balancer within your VPC and registering your EC2 instances with the newly created internal load balancer. This example uses default configurations for security group, listener protocols and ports, and for the health check. If you want to create an Internet-facing load balancer, see Create a Basic Load Balancer in EC2-VPC.

If you have not yet created your VPC environment for using an internal load balancer, create one before you proceed further. For information about creating a VPC environment, see Create Amazon VPC for Elastic Load Balancing.

The following task list gives you a general overview of what you'll need to create a basic internal load balancer in Amazon VPC. Then you'll step through detailed procedures for each part of the creation process.

Creating a Basic Internal Load Balancer in VPC

  1. Configure the listeners for your load balancer by specifying the ports and protocols to use for front-end connection (client to load balancer) and back-end connection (load balancer to back-end instance).

  2. Configure a health check for your Amazon EC2 back-end instances.

  3. Select the subnets in which to launch your load balancer.

  4. Select security groups to assign to your load balancer.

  5. Add Amazon EC2 instances to your load balancer.

  6. Review settings.

  7. Create your load balancer.


You can choose to create your load balancer in EC2-VPC using the AWS Management Console, the command line interface, or the Query API. If you want to use the command line interface, be sure to install it first. For more information, see Setting Up Elastic Load Balancing Interfaces.

Using the AWS Management Console

To create a basic internal load balancer in VPC

  1. Start the Create Load Balancer wizard:

    1. On the Amazon EC2 console Resources page, in the EC2 Dashboard pane, under NETWORK & SECURITY, click Load Balancers.

    2. On the Load Balancers page, click Create Load Balancer.

  2. On the Define Load Balancer page, enter a name for your Amazon VPC load balancer (e.g., my-internal-loadbalancer).

  3. Click the Create LB inside dialog box and select the Amazon VPC in which you want to create your load balancer.

  4. If it is not already selected, select the Create an internal load balancer check box.

  5. Leave the Listener Configuration set to the default value.

  6. Click Continue to configure the health check for your instances.

  7. On the Configure Health Check page, configure the health check settings that your application requires.

  8. Click Continue to select the subnet in which you want to launch your load balancer instance.

  9. On the Select Subnets page, in the Available Subnets table, click the button in the Action column to select your subnet.

    Your selected subnets are displayed in the Selected Subnets table.

  10. Click Continue to select a security group to assign to your load balancer.

  11. This tutorial uses the default security group associated with your virtual private cloud.

    On the Assign Security Groups page, click Select an existing security group and then select the default VPC security group.

  12. If you use a pre-existing security group, ensure that it allows ingress to the ports that you configured the load balancer to use. If you create a security group in this step, the console will define these ports to be open for you.

  13. Click Continue to register EC2 instances with your load balancer.

  14. On the Add EC2 Instances page, in the Add Instances to Load Balancer table, select the boxes in the Instance column to register instances with your load balancer.

    Note

    When you register a multi-homed instance (an instance that has an elastic network interface (ENI) attached) with your load balancer, the load balancer will route traffic to the primary IP address of the instance (eth0). For more information on using ENIs, go to Elastic Network Interfaces.

    When you stop and then start your back-end EC2 instances associated with your load balancer, we recommend that you de-register your stopped instance from your load balancer, and then re-register the restarted instance. Failure to do so may prevent the load balancer from routing the traffic to the restarted instance. For procedures associated with de-registering and then registering your instances with your load balancer, see Deregister and Register Amazon EC2 Instances.

  15. Click Continue to review your configuration. On the Review page of the Create Load Balancer wizard, check your settings. You can make changes by clicking the edit link for each setting.

  16. Click Create to create your load balancer.

  17. The Create Load Balancer wizard displays the status of your newly created load balancer. Click Close after confirming that your load balancer was successfully created.

  18. Your new load balancer is listed on the Load Balancers page. Select the check box next to your load balancer.

  19. The bottom pane displays the description of your load balancer. Verify that the descriptions match your specifications. Note that both the DNS name and the description in the row titled Scheme indicate that your newly created load balancer is internal.

Using the Query API

By default, Elastic Load Balancing creates an Internet-facing load balancer with a publicly resolvable DNS name that resolves to public IP addresses. You can choose to create an internal load balancer with a DNS name that resolves to private IP addresses.

This example walks you through the process for creating a basic HTTP internal load balancer on Amazon VPC and registers Amazon EC2 instances with the newly created VPC load balancer. This example uses a default security group.

To create a basic internal load balancer in EC2-VPC

  1. Call CreateLoadBalancer using the following parameters:

    • Subnets = subnet-450f512c

    • Scheme = internal

      Note

      Use this parameter to create an internal load balancer. You need not specify this parameter if you're creating an Internet-facing load balancer.

    • Listener

      • Protocol = HTTP

      • InstanceProtocol = HTTP

      • InstancePort = 80

      • LoadBalancerPort = 80

    • LoadBalancerName = MyVPCLoadBalancer

    • SecurityGroups = sg-b9ffedd5

  2. The operation returns the DNS name of your load balancer. You can then map any other domain name (such as www.example.com) to your load balancer's DNS name using CNAME or some other technique.

To register your Amazon EC2 instances with your VPC load balancer

You should only register instances that are in the Pending or Running state and are in an Amazon Virtual Private Cloud (VPC).

  • Call RegisterInstancesWithLoadBalancer with the following parameters:

    • LoadBalancerName = MyVPCLoadBalancer

    • Instances = [ i-4f8cf126, i-0bb7ca62 ]

    Note

    When you register a multi-homed instance (an instance that has an elastic network interface (ENI) attached) with your load balancer, the load balancer will route traffic to the primary IP address of the instance (eth0). For more information on using ENIs, go to Elastic Network Interfaces.

    When you stop and then start your back-end EC2 instances associated with your load balancer, we recommend that you de-register your stopped instance from your load balancer, and then re-register the restarted instance. Failure to do so may prevent the load balancer from routing the traffic to the restarted instance. For procedures associated with de-registering and then registering your instances with your load balancer, see Deregister and Register Amazon EC2 Instances.

To verify that an internal load balancer was created

  1. Call DescribeLoadBalancers with the following parameter:

    • LoadBalancerName = MyVPCLoadBalancer

  2. The operation returns the description of your load balancer. The description in the Scheme field indicates that your newly created load balancer is internal.

For detailed descriptions of the Elastic Load Balancing API actions, see Elastic Load Balancing API Reference.

Using the Command Line Interface

By default, Elastic Load Balancing creates an Internet-facing load balancer with a publicly resolvable DNS name that resolves to public IP addresses. You can choose to create an internal load balancer with a DNS name that resolves to private IP addresses.

This example walks you through the process for creating a basic HTTP internal load balancer on Amazon VPC and registers Amazon EC2 instances with the newly created VPC load balancer. This example uses a default security group that is open to the Internet on port 80.

To create a basic internal load balancer in EC2-VPC

  1. Enter the command elb-create-lb as in the following example.

    PROMPT> elb-create-lb MyVPCLoadBalancer --subnets subnet-4e05f721 --scheme internal --security-groups sg-b9ffedd5 --listener "lb-port=80,instance-port=80,protocol=http,instance-protocol=http"

    Note

    Use the --scheme option to create an internal load balancer. You need not specify this option if you're creating an Internet-facing (public) load balancer.

  2. Elastic Load Balancing returns the following:

    DNS-NAME  DNS-NAME 
    DNS-NAME  internal-MyVPCLoadBalancer-2111276808.us-east-1a.elb.amazonaws.com

To register your Amazon EC2 instances with your VPC load balancer

You should only register instances that are in the Pending or Running state and are in an Amazon VPC.

  1. Use the elb-register-instances-with-lb command as in the following example.

    PROMPT> elb-register-instances-with-lb MyVPCLoadBalancer --instances i-4f8cf126,i-0bb7ca62

  2. Elastic Load Balancing returns the following:

    INSTANCE  INSTANCE-ID
    INSTANCE  i-4f8cf126
    INSTANCE  i-0bb7ca62		

    Note

    When you register a multi-homed instance (an instance that has an elastic network interface (ENI) attached) with your load balancer, the load balancer will route traffic to the primary IP address of the instance (eth0). For more information on using ENIs, go to Elastic Network Interfaces.

    When you stop and then start your back-end EC2 instances associated with your load balancer, we recommend that you de-register your stopped instance from your load balancer, and then re-register the restarted instance. Failure to do so may prevent the load balancer from routing the traffic to the restarted instance. For procedures associated with de-registering and then registering your instances with your load balancer, see Deregister and Register Amazon EC2 Instances.

To verify that an internal load balancer was created

  1. Use the elb-describe-lbs command as in the following example.

    PROMPT> elb-describe-lbs MyVPCLoadBalancer

  2. Elastic Load Balancing returns the following:

    LOAD_BALANCER   MyVPCLoadBalancer  internal-MyVPCLoadBalancer-2111276808.us-east-1a.elb.amazonaws.com  2012-06-04T02:33:20 450Z  internal

For detailed descriptions of the Elastic Load Balancing commands, see the Elastic Load Balancing Quick Reference Card.
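
The verification step above, together with the overview's statement that an internal load balancer's DNS name carries private addresses, can be scripted as a post-creation check. This is an added example, not part of the original guide: the function names check_internal_lb and all_private are hypothetical, and it assumes the elb-describe-lbs output layout shown above and, for the commented usage, that dig is installed.

```shell
#!/bin/sh
# Added example (not from the original guide): post-creation checks for an
# internal load balancer. Function names are hypothetical.

# check_internal_lb: read elb-describe-lbs output on stdin. Succeeds only if
# at least one LOAD_BALANCER record is present and every record has scheme
# "internal" and a DNS name starting with "internal-". A record may wrap onto
# a second line, so the scheme is the last field seen for that record.
check_internal_lb() {
    awk '
        function check() {
            if (scheme != "internal" || index(dns, "internal-") != 1) {
                printf "NOT INTERNAL: %s (%s, scheme=%s)\n", name, dns, scheme
                bad++
            }
        }
        $1 == "LOAD_BALANCER" { if (n) check(); n++; name = $2; dns = $3; scheme = $NF; next }
        n && NF               { scheme = $NF }
        END { if (n) check(); exit ((n > 0 && bad == 0) ? 0 : 1) }
    '
}

# all_private: read one IPv4 address per line on stdin. Succeeds only if there
# is at least one address and every one is in an RFC 1918 private range.
# Lines that are not dotted-decimal (for example a CNAME target) are rejected.
all_private() {
    count=0
    while IFS= read -r addr; do
        [ -n "$addr" ] || continue
        case "$addr" in
            *[!0-9.]*) echo "NOT AN IPV4 ADDRESS: $addr"; return 1 ;;
            10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) count=$((count + 1)) ;;
            *) echo "NOT PRIVATE: $addr"; return 1 ;;
        esac
    done
    [ "$count" -gt 0 ]
}

# Usage (needs the ELB command line interface and dig; names are from the
# example above):
#   elb-describe-lbs MyVPCLoadBalancer | check_internal_lb
#   dig +short internal-MyVPCLoadBalancer-2111276808.us-east-1a.elb.amazonaws.com | all_private
```

Both functions exit non-zero on empty input, so a failed describe or lookup is reported as a failed check rather than a pass.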