Amazon ELB in VPC

Question

We're using Amazon EC2, and we want to put an ELB (load balancer) to 2 instances on a private subnet. If we just add the private subnet to the ELB, it will not get any connections, if we attach both subnets to the ELB then it can access the instances, but it often will get time-outs. Has anyone successfully implemented an ELB within the private subnet of their VPC? If so, could you perhaps explain the procedure to me?

Thanks

Answer 1

Instances in Private subnets cannot communicate directly to the internet. So, in cases like these, NAT helps all the internet bound traffic generating from your private instances to go to the internet and then it gets the reply from the internet and sends it back to the private instance. For example, let's say you have a database server in your private subnet and that server needs to download some DB level patches from the internet, so it will generate traffic to the internet but it won't be able to communicate with the internet directly. This traffic will be sent to NAT and NAT sends it to the internet.

So, in order to implement an ELB  within a private subnet, make sure the private routing table for private instances is configured to go through NAT and your NAT should be configured with a public subnet because it needs to communicate with the internet.