
Setup

We have an ECS cluster with 2 services (called portal-ECS-service and graph-ECS-service). Each has an ALB (portal-ALB and graph-ALB respectively).

The setup is this:

End user <-> portal-ALB <-> portal-ECS-service <-> graph-ALB <-> graph-ECS-service

Notes

  • everything is in the same VPC
  • graph-ALB has Scheme: internal
  • when communicating from portal-ECS-service to graph-ALB we use as the endpoint graph-ALB.us-west-2.elb.amazonaws.com

Problem

We pay a very large amount (~$50 / day) in DataTransfer-Out-Bytes.

Question

I've read that high DataTransfer-Out-Bytes costs can often be solved by using Internal IP instead of public DNS endpoint.

Is it possible to communicate to an ALB internally without going through the public DNS endpoint? In our case, can we have portal-ECS-service <-> graph-ALB communication without paying high DataTransfer-Out-Bytes costs?

Thank you very much in advance.

user2449397

1 Answer


If you don't need external access to the graph-ALB you can make the ALB internal - then it will only have private IPs.

[screenshot: ELB Internal]

To reduce your data transfer costs even more try to limit the cross-AZ traffic (internal traffic between Availability Zones in the same VPC costs $0.02/GB). One way is to disable cross-account access in the ALB config:

[screenshot: Cross-AZ ELB]

Check out this for some more discussion: Why should I ever limit a load balancer to a specific availability zone (AWS)?

Hope that helps :)

MLu
Comment: This is very clear, thanks MLu! One additional note on your answer: "With Application Load Balancers, cross-zone load balancing is always enabled." (source: https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/how-elastic-load-balancing-works.html) – user2449397 Jun 26 '20 at 08:31
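To turn the answer's two checks (is the ALB internal, and is it enabled in AZs where no caller runs) into something repeatable, here is an added example in Python; it is not code from the question or the answer. It assumes input records shaped like boto3's `elbv2.describe_load_balancers()` output, and every sample value (VPC id, zones, names) is constructed for illustration.

```python
# Added example (not from the question or answer): audit an ALB that is
# called from inside its own VPC. Inputs mirror the shape of boto3
# elbv2.describe_load_balancers() output; all sample data is constructed.
from typing import Dict, List

CROSS_AZ_USD_PER_GB = 0.02  # figure quoted in the answer

# Constructed sample: graph-ALB as described in the question (internet-facing,
# two AZs) and the portal-ECS-service tasks that call it from one AZ.
GRAPH_ALB: Dict = {
    "LoadBalancerName": "graph-ALB",
    "Scheme": "internet-facing",
    "VpcId": "vpc-0example",
    "DNSName": "graph-ALB.us-west-2.elb.amazonaws.com",
    "AvailabilityZones": [{"ZoneName": "us-west-2a"}, {"ZoneName": "us-west-2b"}],
}
PORTAL_TASKS: Dict = {"VpcId": "vpc-0example", "ZoneNames": {"us-west-2a"}}


def audit_alb(lb: Dict, caller: Dict) -> List[str]:
    """Return the cost findings for an ALB reached from the same VPC."""
    findings: List[str] = []
    name = lb["LoadBalancerName"]
    if lb["VpcId"] == caller["VpcId"] and lb["Scheme"] != "internal":
        # Internet-facing ALB: the public DNS name resolves to public IPs, so
        # intra-VPC callers are billed DataTransfer-Out on every byte.
        findings.append(
            f"{name}: Scheme is {lb['Scheme']}; callers in {caller['VpcId']} "
            f"reach {lb['DNSName']} via public IPs. Recreate with Scheme=internal."
        )
    lb_zones = {az["ZoneName"] for az in lb["AvailabilityZones"]}
    extra = sorted(lb_zones - caller["ZoneNames"])
    if extra:
        # AZs with no caller: requests landing there are cross-AZ traffic.
        findings.append(
            f"{name}: enabled in {extra} where no caller runs; that traffic is "
            f"cross-AZ at ${CROSS_AZ_USD_PER_GB}/GB."
        )
    return findings


def cross_az_cost_usd(gb_per_day: float, cross_az_share: float) -> float:
    """Daily cross-AZ charge for a traffic volume and the fraction crossing AZs."""
    return round(gb_per_day * cross_az_share * CROSS_AZ_USD_PER_GB, 2)


def fetch_alb(name: str) -> Dict:
    """Fetch a live record with boto3 (real API; not exercised offline)."""
    import boto3  # imported lazily so the offline checks need no AWS access
    return boto3.client("elbv2").describe_load_balancers(Names=[name])["LoadBalancers"][0]
```

Run `audit_alb(fetch_alb("graph-ALB"), PORTAL_TASKS)` with real credentials to check a live balancer; `cross_az_cost_usd` only estimates the AZ component, not the DataTransfer-Out charge the question is about.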