Load Balancer
You can add at most one subnet per Availability Zone for an LB.
LB - create listeners with a port - create target groups - add EC2 instances
Create ASG with scaling rules - associate ASG with target group
Add rules to target group to direct traffic based on path routes, etc.
When you create a load balancer in a VPC, you must choose whether to make it an internal load balancer or an internet-facing load balancer.
The nodes of an internet-facing load balancer have public IP addresses. The DNS name of an internet-facing load balancer is publicly resolvable to the public IP addresses of the nodes. Therefore, internet-facing load balancers can route requests from clients over the internet. For more information, see Internet-facing Classic Load Balancers.
The nodes of an internal load balancer have only private IP addresses. The DNS name of an internal load balancer is publicly resolvable to the private IP addresses of the nodes. Therefore, internal load balancers can only route requests from clients with access to the VPC for the load balancer.
Public private subnets:
https://aws.amazon.com/blogs/architecture/one-to-many-evolving-vpc-design/
Public subnets are attached to a route table that has a default route to the Internet via an Internet gateway.
A private subnet contains infrastructure that isn’t directly accessible from the Internet. Unlike the public subnet, this infrastructure only has private IPs.
Infrastructure in a private subnet gains access to resources or users on the Internet through a NAT infrastructure of sorts. Use NAT gateways in multiple AZs for HA.
AWS-allocated IPv6 addresses are Global Unicast Addresses by default. That said, you can privatize these subnets by using an Egress-Only Internet Gateway (E-IGW) instead of a regular Internet gateway. E-IGWs are purpose-built to prevent users and applications on the Internet from initiating access to infrastructure in your IPv6 subnet(s).
To use the NAT Gateway, assign a route in the private subnet, in lieu of a route to an Internet Gateway. Traffic destined for the Internet will flow from the private subnet to the NAT Gateway in the public subnet, and then out to the Internet through the Internet Gateway.
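An added example, not part of the original notes: a Python check that applies the public/private definitions above to route-table data, so a subnet meant to be private can be confirmed to have no default route to an Internet gateway. The resource IDs and function names are constructed for illustration; the field names follow the EC2 DescribeRouteTables response.

```python
# Added example. Sample data is constructed, shaped like the EC2 DescribeRouteTables response.
DEFAULTS = {"0.0.0.0/0": "ipv4", "::/0": "ipv6"}

def _egress(route):
    """Name the kind of target a default route points at."""
    if route.get("State") == "blackhole":
        return None                   # target deleted; route carries no traffic
    if route.get("GatewayId", "").startswith("igw-"):
        return "public"               # Internet gateway: reachable from outside
    if route.get("NatGatewayId"):
        return "private-nat"          # outbound only, via NAT gateway
    if route.get("EgressOnlyInternetGatewayId"):
        return "private-egress-only"  # IPv6 outbound only
    return "other"                    # e.g. transit gateway or peering

def classify_subnets(subnet_ids, route_tables):
    """Map each subnet to its IPv4/IPv6 exposure based on default routes."""
    explicit, main = {}, None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main = rt
            elif assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = rt
    result = {}
    for sid in subnet_ids:
        rt = explicit.get(sid, main)  # no explicit association -> main table
        exposure = {"ipv4": "isolated", "ipv6": "isolated"}
        for route in (rt or {}).get("Routes", []):
            dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
            kind = _egress(route) if dest in DEFAULTS else None
            if kind:
                exposure[DEFAULTS[dest]] = kind
        result[sid] = exposure
    return result

SAMPLE_ROUTE_TABLES = [  # constructed IDs
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-pub", "Associations": [{"SubnetId": "subnet-pub"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1"}]},
    {"RouteTableId": "rtb-priv", "Associations": [{"SubnetId": "subnet-priv"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-1"},
                {"DestinationIpv6CidrBlock": "::/0", "EgressOnlyInternetGatewayId": "eigw-1"}]},
]

if __name__ == "__main__":
    for sid, exp in classify_subnets(["subnet-pub", "subnet-priv", "subnet-db"], SAMPLE_ROUTE_TABLES).items():
        print(sid, exp)
```

A subnet with no explicit association (here `subnet-db`) is evaluated against the main route table, which is where an unintended default route to an Internet gateway most often goes unnoticed.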