
I have an Elastic Beanstalk application running that is externally accessible, which works fine. I also have a VPN connection to the VPC via a Cisco 1000v appliance. I have a bind9 DNS server running inside my VPC that forwards to the Amazon VPC DNS (x.x.x.2) server. The issue I'm running into is that traffic from my VPN is not routable to the internet, and when queried, the DNS server always returns the public IP address of the ELB (54.x.x.x). This configuration worked until late last week, when it stopped working seemingly out of the blue.

Is it possible to have an externally available ELB with both an external DNS entry and an internal DNS entry? So far all I have been able to find is either external or internal ELBs, not both.

Chris Thompson

1 Answer

Elastic Load Balancers can only be public or private; they cannot be both.

So if you want your ELB to be publicly accessible, then you can only access it via the public IP endpoints. Private endpoints are not available.

As a workaround, you may be able to proxy the internal traffic to the external ELB, or vice versa.

Matt Houser
  • Ok, that's a bummer but the proxy is what I was starting to think I'd need. I'm curious why this worked for like 6 months before dying on me... – Chris Thompson Sep 01 '16 at 21:58
  • Follow up: is it possible to route traffic coming out of a VPN into a VPC into the internet? I suspect Amazon prevents that but it would be great if not... – Chris Thompson Sep 01 '16 at 22:02
  • Whelp. This is what happens when you get something working and then ignore it for 6 months. I *had* created a proxy and we were using it, we all just forgot about it. The proxy was still using the original config despite running ~10k embedded devices through it so we were getting really high failure rates. – Chris Thompson Sep 01 '16 at 22:29
  • To answer your follow-up, AWS does not support VPN > VPC > Internet configurations. – Matt Houser Sep 01 '16 at 22:47