How to connect to an internet-facing Application Load Balancer using its internal IP addresses

0

How can I connect to an internet-facing Application Load Balancer using its internal IP addresses?

Situation:

  • Multi-Account Setup using a centralized Network Account
  • Within the Network Account, there is an internet-facing Application Load Balancer used for our IdP / PingFederate
  • Applications hosted in AWS should connect to IdP / Application Load Balancer using its internal IP addresses

Issue:

  • I am not able to find a comfortable way to resolve the internal IP addresses of the internet-facing Application Load Balancer

What I tested:

  1. Utilize Route53 "Default .2 Resolver" -> Issue: It resolved only to the Public IPs of the ALB
  2. Created a Private Hosted Zone with my IdP's URL and created an A record alias to my ALB -> Issue: Again, it resolved only to the public IPs of the ALB
  3. Created a Private Hosted Zone with my IdP's URL and created an A record with the internal IPs of the ALB's ENIs -> Issue: The internal IP addresses of an ALB may change, hence this is a setup where I need additional coding (e.g. running a Lambda every few minutes to update my PHZ entries)

Looking for any input that may help.

1 Answer
1
Accepted answer

You can create an internal NLB and configure the ALB as the target, NLB would give you static IPs:

https://docs.aws.amazon.com/elasticloadbalancing/latest/network/application-load-balancer-target.html

AWS
EXPERT
answered a month ago
EXPERT
reviewed 18 days ago
  • Are there any other recommendations that do not lead to the additional cost of 1 * NLB per stage?

  • Quick update: We are now using this solution. Background: We use an NLB in our setup anyway to have static IPs for the on-prem firewall. Now we have two communication flows. A) Internet -> ALB -> NLB (Port 444) -> On-Prem IdP; B) AWS resource -> NLB (Port 443) -> ALB -> same NLB (Port 444) -> On-Prem IdP. We utilize a Route53 Private Hosted Zone to resolve the IdP domain to the NLB internal IPs. Thanks Thushar!
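The accepted answer and the follow-up comment (flow B: in-VPC client -> internal NLB -> ALB, with a private hosted zone pointing the IdP name at the NLB) as an added Terraform example; this is not code from the answer's author or from AWS. It assumes the existing ALB is `aws_lb.idp_alb`, the VPC is `aws_vpc.network`, the private subnets are `aws_subnet.private`, an existing private hosted zone is `aws_route53_zone.idp_private`, and `idp.example.com` is a placeholder for the real IdP domain.

```hcl
# Internal NLB: reachable only from the VPC and networks attached to it, and its
# private IPs are static, so the PHZ record never needs a Lambda to refresh it.
resource "aws_lb" "idp_internal_nlb" {
  name               = "idp-internal-nlb"
  load_balancer_type = "network"
  internal           = true
  subnets            = aws_subnet.private[*].id
}

# Target group of type "alb": the NLB passes TCP through, the ALB still terminates TLS.
# The port must match a listener that already exists on the ALB.
resource "aws_lb_target_group" "idp_alb_target" {
  name        = "idp-alb-target"
  target_type = "alb"
  protocol    = "TCP"
  port        = 443
  vpc_id      = aws_vpc.network.id
}

resource "aws_lb_target_group_attachment" "idp_alb" {
  target_group_arn = aws_lb_target_group.idp_alb_target.arn
  target_id        = aws_lb.idp_alb.arn   # assumed existing internet-facing ALB
  port             = 443
}

resource "aws_lb_listener" "idp_tcp_443" {
  load_balancer_arn = aws_lb.idp_internal_nlb.arn
  protocol          = "TCP"
  port              = 443
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.idp_alb_target.arn
  }
}

# Alias record in the private hosted zone: in-VPC clients resolve the IdP name to the
# NLB's private IPs while keeping the same hostname, so the ALB certificate still matches.
# In a multi-account setup the zone must also be associated with the application VPCs.
resource "aws_route53_record" "idp_internal" {
  zone_id = aws_route53_zone.idp_private.zone_id   # assumed existing PHZ
  name    = "idp.example.com"                       # placeholder for the IdP domain
  type    = "A"
  alias {
    name                   = aws_lb.idp_internal_nlb.dns_name
    zone_id                = aws_lb.idp_internal_nlb.zone_id
    evaluate_target_health = true
  }
}
```

The ALB's security group must still permit the in-VPC client addresses on the listener port, and the target group's health check defaults can be tightened to the IdP's real health endpoint.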
