amazon web services - How to load balance AWS private subnet EC2 instances

Question

If I create an ELB and try to attach the private subnet instances, my health check fails: OutOfService.

Question 1 : Can I get a internal / private IP(not IP but dns name) for Load Balancing. i.e not accessible to the internet?

Question 2 : If I have a public dnsname for my Application Load Balancer. How do I attach EC2 instances that are in my private subnet without an Elastic IP(aren't internet accessible). I am looking for the best approach. Should we have-

ELB --> public subnet EC2 instances (proxy configuration- */* [private_ip]:[port]/* ) ---> Service from Private Subnet/EC2 instance with health checks here.

Answer 1

The traditional architecture is:

• Elastic Load Balancer in public subnet
• Amazon EC2 instances in private subnet
• Security group on Load Balancer permitting port 80 & 443 from 0.0.0.0/0
• Security group on instances permitting port 80 from the Load Balancer security group
• An Amazon Route 53 Hosted Zone with a CNAME record set pointing to the DNS Name of the Load Balancer

If your instances are failing the Load Balancer health check, check the following:

• The instances should have a security group permitting inbound access from the Load Balancer
• The Load Balancer health check should be configured with a path to a web page to use for the health check
• The instances should have a functioning web server that is responding to the health checks