- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
Answer (1):
In AWS ECS, traffic from network interfaces to ECS tasks is routed through a Network Load Balancer (NLB) and target groups. The NLB is configured with target groups that are associated with listeners. These target groups use IP addresses as the target type. The network interfaces attached to ECS container instances have private IP addresses and are associated with specific ECS tasks. When traffic hits the NLB, it is forwarded to the target group, which routes the traffic to the correct target (network interface) based on its IP address. ECS then uses the IP address to identify the corresponding ECS task and processes the traffic accordingly.
Answer (2):
Having records in a public Route53 hosted zone that point to a private Application Load Balancer (ALB) may seem counterintuitive, but it can be a valid configuration depending on your network setup. When a client outside your network queries the public DNS record, it resolves to the private IP address of the ALB. For this to work, the client needs to be on the same network as the ALB or have a network path that allows it to reach the ALB. This could be achieved through a VPN connection, Direct Connect, or some other networking setup. If the client cannot reach the private ALB, it will indeed time out.
Relevanter Inhalt
- AWS OFFICIALAktualisiert vor einem Jahr
- AWS OFFICIALAktualisiert vor 2 Jahren
- AWS OFFICIALAktualisiert vor 4 Jahren
Thank you very much for the detailed answer. It is extremely helpful.
I just noticed that we are using NLB to ALB via https://aws.amazon.com/blogs/networking-and-content-delivery/using-aws-lambda-to-enable-static-ip-addresses-for-application-load-balancers/ not the new ALB target group.
Is there any benefit to having a NLB in front of the ALB other than IP addresses not changing? I'm just curious as to best practises.
well, using a Network Load Balancer (NLB) in front of an Application Load Balancer (ALB) can provide several benefits beyond the stability of IP addresses: