4

We have an environment set up in AWS and would like to have an ALB with targets in only one AZ that only appears on an IP address in the same AZ. This is required because of some routing rules that we need to ensure that traffic out of one ALB/AZ always hits a particular firewall.

We have tried having targets only in one AZ and this seems to work with NLBs but not ALBs.

Is it possible to have an ALB with targets in one AZ and with a DNS name that only resolves to IP address(es) in the same AZ?

theduck
  • Based on the limited information given, I suggest you consider setting up an instance with Nginx or HAProxy as a load balancer. – Tim Jun 07 '18 at 17:04

1 Answer

4

In short, no: if you take a look at the API documentation for CreateLoadBalancer, it states for the request parameter SubnetMappings.member.N:

[Application Load Balancers] You must specify subnets from at least two Availability Zones. You cannot specify Elastic IP addresses for your subnets.

and for Subnets.member.N:

[Application Load Balancers] You must specify subnets from at least two Availability Zones.

However, it may be possible for you to add an additional subnet to your VPC which is not used for anything and is maybe exempt from this rule. That depends on your particular goal for your routing/firewall decision.

M. Glatki
    This is what we suspected. In the end we solved the problem by having the ALBs in two subnets in two AZs with the routing of both the subnets back to the firewall. It's not perfect but it does work until we sort our application out. – theduck Jun 08 '18 at 10:31
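As an added illustration (not code from the original question or answer), the following Python pre-flight check encodes the two points made on this page: the CreateLoadBalancer rule that an ALB needs subnets in at least two AZs while an NLB can sit in one, and the workaround from the final comment, namely that when an ALB is forced to span two AZs, every ALB subnet's default route should still point at the firewall. The subnet, route-table and firewall ENI data are constructed placeholders in the shape a describe-subnets / describe-route-tables call would return; a real deployment would fill them from boto3 instead.

```python
"""Pre-flight check for an AWS ALB/NLB subnet layout.

Added example, not part of the original post. Assumptions: subnet and
route-table data is modelled as plain dicts shaped like the output of
describe-subnets / describe-route-tables; the firewall ENI id and all
subnet ids are constructed placeholders, not real AWS identifiers.
"""

# Constructed sample data (placeholder identifiers).
FIREWALL_ENI = "eni-firewall-placeholder"

SUBNETS = {
    "subnet-a1": {"AvailabilityZone": "eu-west-1a"},
    "subnet-a2": {"AvailabilityZone": "eu-west-1a"},
    "subnet-b1": {"AvailabilityZone": "eu-west-1b"},
}

# Route table associated with each subnet; only the default route matters here.
ROUTE_TABLES = {
    "subnet-a1": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NetworkInterfaceId": FIREWALL_ENI},
    ],
    "subnet-a2": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-placeholder"},
    ],
    "subnet-b1": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NetworkInterfaceId": FIREWALL_ENI},
    ],
}

# Minimum number of distinct AZs per load balancer type, per the API docs
# quoted in the answer (ALB: at least two; NLB: one is enough).
MIN_AZS = {"application": 2, "network": 1}


def azs_for(subnet_ids):
    """Distinct Availability Zones covered by the given subnets."""
    return {SUBNETS[s]["AvailabilityZone"] for s in subnet_ids}


def can_create(lb_type, subnet_ids):
    """Apply the CreateLoadBalancer AZ rule for the given LB type."""
    return len(azs_for(subnet_ids)) >= MIN_AZS[lb_type]


def default_route_target(subnet_id):
    """Target of the 0.0.0.0/0 route for a subnet (ENI or gateway id), or None."""
    for route in ROUTE_TABLES[subnet_id]:
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route.get("NetworkInterfaceId") or route.get("GatewayId")
    return None


def subnets_not_via_firewall(subnet_ids, firewall_eni=FIREWALL_ENI):
    """The workaround from the comment: an ALB must span two AZs, so every
    ALB subnet's default route must point at the firewall ENI for egress
    from either AZ to still traverse the firewall. Returns offending subnets."""
    return sorted(s for s in subnet_ids if default_route_target(s) != firewall_eni)


def check_layout(lb_type, subnet_ids):
    """Run both checks; returns (ok, list of human-readable problems)."""
    problems = []
    if not can_create(lb_type, subnet_ids):
        problems.append(
            f"{lb_type} LB needs >= {MIN_AZS[lb_type]} AZs, "
            f"got {sorted(azs_for(subnet_ids))}"
        )
    bad = subnets_not_via_firewall(subnet_ids)
    if bad:
        problems.append(f"default route does not go via the firewall: {bad}")
    return (not problems, problems)


if __name__ == "__main__":
    for lb_type, subnets in [
        ("application", ["subnet-a1"]),                 # single AZ: rejected for ALB
        ("network", ["subnet-a1"]),                     # single AZ: fine for NLB
        ("application", ["subnet-a1", "subnet-a2"]),    # two subnets, same AZ: rejected
        ("application", ["subnet-a1", "subnet-b1"]),    # two AZs, both via firewall: OK
    ]:
        ok, problems = check_layout(lb_type, subnets)
        print(lb_type, subnets, "OK" if ok else problems)
```

Note that two subnets in the same AZ do not satisfy the ALB rule; the API counts distinct Availability Zones, not subnets. The route check is the part worth keeping in a deployment pipeline: it catches the case where a second AZ was added to satisfy the ALB rule but its route table was never pointed at the firewall.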