Amazon Virtual Private Cloud (Amazon VPC) lets you define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud.
Within this virtual private cloud, you can launch Amazon EC2 instances that have private (RFC 1918) IP addresses in the classless inter-domain routing (CIDR) range of your choice (for example, 10.0.0.0/16). You can use a load balancer to monitor and route traffic to your EC2 instances launched within a VPC.
You can create a VPC that spans multiple Availability Zones and then add one or more subnets in each Availability Zone. A subnet in Amazon VPC is a subdivision within an Availability Zone defined by a segment of the IP address range of the VPC. Using subnets, you can group your instances based on your security and operational needs. A subnet resides entirely within the Availability Zone it was created in.
To enable communication between the Internet and the instances in your subnets, you must create and attach an Internet gateway (IGW) to your VPC. An IGW connects the instances within your subnets to the Internet. The subnets that interact directly with the Internet must contain public instances (instances with public IP addresses).
To load balance your EC2 instances in a VPC across multiple Availability Zones, specify one subnet in each Availability Zone to which you want to attach the load balancer. Because a subnet is created for a single Availability Zone, specifying the subnet ensures that the load balancer is configured to listen for requests in the corresponding Availability Zone.
When you attach your load balancer to a subnet, you define the subnet that traffic must enter before it is forwarded to registered instances. The registered instances do not need to be in the same subnet that you attach to the load balancer. To ensure that your load balancer can scale properly, make sure the CIDR block of the subnet to which you attach the load balancer is at least a /27 (for example, 10.0.0.0/27). You should also have at least 20 free IP addresses in the subnet where you attach the load balancer.
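The following is an added example, not code from this guide, that checks a constructed subnet inventory against the rules above (one subnet per Availability Zone, inside the VPC CIDR, at least a /27, at least 20 free addresses) before a load balancer is attached. It assumes that AWS reserves five addresses in every subnet and that the subnet IDs, zone names and in-use counts are constructed values; the function names are the example's own.

```python
import ipaddress
from collections import namedtuple

# AWS reserves the first four and the last address of every subnet; they can
# never be assigned, so they are subtracted before counting free addresses.
AWS_RESERVED_PER_SUBNET = 5
MAX_PREFIX_LEN = 27      # the subnet must be a /27 or larger
MIN_FREE_ADDRESSES = 20  # free addresses the guide asks for in the ELB subnet

# subnet_id, az and in_use are hypothetical values constructed for the example.
Subnet = namedtuple("Subnet", "subnet_id az cidr in_use")

def check_elb_subnet(vpc_cidr: str, subnet: Subnet) -> list[str]:
    """Return the reasons a subnet is unsuitable for attaching a load balancer."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    net = ipaddress.ip_network(subnet.cidr, strict=True)
    free = net.num_addresses - AWS_RESERVED_PER_SUBNET - subnet.in_use
    problems = []
    if not net.subnet_of(vpc):
        problems.append(f"{subnet.subnet_id}: {subnet.cidr} lies outside VPC {vpc_cidr}")
    if net.prefixlen > MAX_PREFIX_LEN:
        problems.append(f"{subnet.subnet_id}: /{net.prefixlen} is smaller than a /{MAX_PREFIX_LEN}")
    if free < MIN_FREE_ADDRESSES:
        problems.append(f"{subnet.subnet_id}: {free} free addresses, need {MIN_FREE_ADDRESSES}")
    return problems

def select_elb_subnets(vpc_cidr: str, subnets: list[Subnet]) -> dict[str, str]:
    """Pick one suitable subnet per Availability Zone; raise if a zone has none."""
    chosen: dict[str, str] = {}
    rejected: list[str] = []
    for subnet in subnets:
        problems = check_elb_subnet(vpc_cidr, subnet)
        if problems:
            rejected.extend(problems)
        elif subnet.az not in chosen:  # one subnet per Availability Zone is enough
            chosen[subnet.az] = subnet.subnet_id
    missing = {s.az for s in subnets} - set(chosen)
    if missing:
        raise ValueError(f"no suitable subnet in {sorted(missing)}: {rejected}")
    return chosen

# Constructed sample inventory (not real AWS resources).
SAMPLE_VPC = "10.0.0.0/16"
SAMPLE_SUBNETS = [
    Subnet("subnet-a1", "us-east-1a", "10.0.0.0/28", 2),    # /28 is too small
    Subnet("subnet-a2", "us-east-1a", "10.0.1.0/24", 10),   # suitable
    Subnet("subnet-b1", "us-east-1b", "10.0.2.0/27", 5),    # 32-5-5 = 22 free: ok
    Subnet("subnet-b2", "us-east-1b", "10.0.3.0/27", 10),   # 17 free: too few
]
```

Calling `select_elb_subnets(SAMPLE_VPC, SAMPLE_SUBNETS)` returns the subnet to attach in each zone and lists every rejected subnet in the error if a zone has no usable one.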
Elastic Load Balancing on Amazon VPC works essentially the same way as it does on Amazon EC2 and supports the same set of features. There is, however, a significant difference between the way the security groups function on Amazon VPC and Amazon EC2. In Amazon EC2, Elastic Load Balancing provides a special Amazon EC2 source security group that you can use to ensure that a back-end Amazon EC2 instance receives traffic only from Elastic Load Balancing. You cannot modify the source security group. Within Amazon VPC, you have control over the security groups assigned to your load balancer. Having control over your load balancer's security groups allows you to choose the ports and protocols to accept. For example, in Amazon VPC you can open Internet Control Message Protocol (ICMP) connections for the load balancer to respond to ping requests (however, ping requests will not be forwarded to any registered instances).
Elastic Load Balancing also supports dedicated EC2 instances with a tenancy attribute launched within an Amazon VPC. For information on dedicated tenancy instances, see Using EC2 Dedicated Instances in the Amazon Virtual Private Cloud User Guide.
IPv6 support is not currently available for load balancers in Amazon VPC.