Elastic Load Balancing
Developer Guide

Create an Internal Load Balancer

You can create an internal load balancer to distribute traffic to your EC2 instances in private subnets.

Prerequisites

  • If you have not yet created a VPC for your load balancer, you must create it before you get started. For more information, see Prepare Your VPC and Back-end Instances.

  • Launch the EC2 instances that you plan to register with your internal load balancer. Ensure that you launch them in a private subnet in the VPC intended for the load balancer.

Create an Internal Load Balancer Using the Console

By default, Elastic Load Balancing creates an Internet-facing load balancer. Use the following procedure to create an internal load balancer and register your EC2 instances with the newly created internal load balancer.

To create an internal load balancer

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, under LOAD BALANCING, click Load Balancers.

  3. Click Create Load Balancer.

  4. On the Define Load Balancer page, do the following:

    1. In Load Balancer name, enter a name for your load balancer.

      The name of your load balancer must be unique within your set of load balancers, can have a maximum of 32 characters, and can contain only alphanumeric characters and hyphens.

    2. From Create LB inside, select a VPC for your load balancer.

    3. Click Create an internal load balancer.

    4. [Default VPC] If you selected a default VPC and would like to choose the subnets for your load balancer, select Enable advanced VPC configuration.

    5. Leave the default listener configuration.

    6. Under Select Subnets, select at least one available subnet. The available subnets for the VPC for your load balancer are displayed under Available Subnets. Click the icon in the Action column for each subnet to attach. These subnets are moved under Selected Subnets.

      Note

      If you selected a default VPC as your network but did not select Enable advanced VPC configuration, you do not see Select Subnets.

      You can select at most one subnet per Availability Zone. If you select a second subnet in an Availability Zone, it replaces the previously selected subnet for that Availability Zone. To improve the availability of your load balancer, select subnets from more than one Availability Zone.

    7. Click Next: Assign Security Groups.

  5. On the Assign Security Groups page, click Create a new security group. Enter a name and description for your security group, or leave the default name and description. This new security group contains a rule that allows traffic to the port that you configured your load balancer to use. If you specified a different port for the health checks, you must click Add Rule to add a rule that allows inbound traffic to that port as well. Click Next: Configure Security Settings.

  6. On the Configure Security Settings page, click Next: Configure Health Check to continue to the next step. If you prefer to create an HTTPS load balancer, see HTTPS Load Balancers.

  7. On the Configure Health Check page, configure the health check settings that your application requires, and then click Next: Add EC2 Instances.

  8. On the Add EC2 Instances page, select the instances to register with your load balancer, and then click Next: Add Tags.

    Note

    When you register an instance with an elastic network interface (ENI) attached, the load balancer routes traffic to the primary IP address of the primary interface (eth0) of the instance.

  9. (Optional) You can add tags to your load balancer. When you are finished adding tags, click Review and Create.

  10. On the Review page, check your settings. If you need to make changes, click the corresponding link to edit the settings. When you are finished, click Create to create your load balancer.

  11. After you are notified that your load balancer was created, click Close.

  12. Select your new load balancer.

  13. In the bottom pane, on the Description tab, note that DNS Name and Scheme indicate that the load balancer is internal.

    Check the Status row. If it indicates that some of your instances are not in service, it's probably because they are still in the registration process. For more information, see Troubleshooting Elastic Load Balancing: Registering Instances.

Create an Internal Load Balancer Using the AWS CLI

By default, Elastic Load Balancing creates an Internet-facing load balancer. Use the following procedure to create an internal load balancer and register your EC2 instances with the newly created internal load balancer.

To create an internal load balancer

  1. Use the create-load-balancer command with the --scheme option set to internal, as follows:

    aws elb create-load-balancer --load-balancer-name my-internal-loadbalancer \
        --listeners Protocol=HTTP,LoadBalancerPort=80,InstanceProtocol=HTTP,InstancePort=80 \
        --subnets subnet-4e05f721 --scheme internal --security-groups sg-b9ffedd5

    The following is an example response. Note that the DNS name in the response indicates that this is an internal load balancer.

    {
        "DNSName": "internal-my-internal-loadbalancer-786501203.us-west-2.elb.amazonaws.com"
    }

  2. Use the following register-instances-with-load-balancer command to add instances:

    aws elb register-instances-with-load-balancer --load-balancer-name my-internal-loadbalancer --instances i-4f8cf126 i-0bb7ca62

    The following is an example response:

    {
        "Instances": [
            {
                "InstanceId": "i-4f8cf126"
            },
            {
                "InstanceId": "i-0bb7ca62"
            }
        ]
    }

  3. (Optional) Use the following describe-load-balancers command to verify the internal load balancer:

    aws elb describe-load-balancers --load-balancer-name my-internal-loadbalancer

    The response includes the DNSName and Scheme fields, which indicate that this is an internal load balancer.

    {
        "LoadBalancerDescriptions": [
            {
                ...
                "DNSName": "internal-my-internal-loadbalancer-1234567890.us-west-2.elb.amazonaws.com", 
                "SecurityGroups": [
                    "sg-b9ffedd5"
                ], 
                "Policies": {
                    "LBCookieStickinessPolicies": [], 
                    "AppCookieStickinessPolicies": [], 
                    "OtherPolicies": []
                }, 
                "LoadBalancerName": "my-internal-loadbalancer", 
                "CreatedTime": "2014-05-22T20:32:19.920Z", 
                "AvailabilityZones": [
                    "us-west-2a"
                ], 
                "Scheme": "internal",
                ...
            }
        ]
    }
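
The verification in step 3, taken further as an added example (not part of the AWS guide): a Python check over the describe-load-balancers JSON that confirms the Scheme and DNSName fields and also applies the naming and multi-Availability-Zone guidance from the console procedure. The function name, the second load balancer and its security group ID are constructed for illustration.

```python
import json
import re

# Constructed input shaped like the describe-load-balancers response above.
# The second entry (name, DNS name, security group) is made up for contrast.
SAMPLE = json.dumps({"LoadBalancerDescriptions": [
    {"LoadBalancerName": "my-internal-loadbalancer",
     "DNSName": "internal-my-internal-loadbalancer-1234567890.us-west-2.elb.amazonaws.com",
     "Scheme": "internal",
     "AvailabilityZones": ["us-west-2a"],
     "SecurityGroups": ["sg-b9ffedd5"]},
    {"LoadBalancerName": "my-misconfigured-loadbalancer",
     "DNSName": "my-misconfigured-loadbalancer-1234567890.us-west-2.elb.amazonaws.com",
     "Scheme": "internet-facing",
     "AvailabilityZones": ["us-west-2a", "us-west-2b"],
     "SecurityGroups": ["sg-00000000"]},
]})

# Naming rule from the console procedure: at most 32 alphanumerics or hyphens.
NAME_RE = re.compile(r"[A-Za-z0-9-]{1,32}")


def audit_internal_elbs(describe_json, expected_internal):
    """Return {name: [issues]} for every load balancer that must be internal."""
    by_name = {lb["LoadBalancerName"]: lb
               for lb in json.loads(describe_json)["LoadBalancerDescriptions"]}
    report = {}
    for name in expected_internal:
        lb = by_name.get(name)
        if lb is None:
            report[name] = ["not present in the response"]
            continue
        issues = []
        if lb.get("Scheme") != "internal":
            issues.append("Scheme is %r, not 'internal'" % lb.get("Scheme"))
        if not lb.get("DNSName", "").startswith("internal-"):
            issues.append("DNSName lacks the internal- prefix")
        if not NAME_RE.fullmatch(name):
            issues.append("name breaks the 32-character alphanumeric/hyphen rule")
        if len(lb.get("AvailabilityZones", [])) < 2:
            issues.append("subnets cover a single Availability Zone")
        if not lb.get("SecurityGroups"):
            issues.append("no security group attached")
        report[name] = issues
    return report


if __name__ == "__main__":
    names = ["my-internal-loadbalancer", "my-misconfigured-loadbalancer"]
    for lb_name, issues in audit_internal_elbs(SAMPLE, names).items():
        print(lb_name, "->", issues or "ok")
```

An empty issue list means the load balancer matches what this procedure is meant to produce; any entry reporting an unexpected Scheme should be treated as exposed until the scheme is confirmed.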