
I want to have a few domains for EC2 instances with SSL behind an ALB, 2 of them in a private zone. I have a pretty simple config but have no idea how to resolve this. What I have:

  • 1 EC2 instance for Frontend app with nginx: frontend.example.com
  • 1 EC2 instance for Backend app: backend.example.com
  • 1 EC2 instance for Frontend DEV with nginx: frontend.devexample.com
  • 1 EC2 instance for Backend DEV app: backend.devexample.com

All instances are in 1 VPC, 1 ALB for SSL (with a few certs for the domains), Route 53 for the domains.

At the present moment, all 4 instances are in a public zone, so the domains as aliases point to the ALB, the ALB terminates SSL for all domains, and the ALB, based on hosts, redirects to each instance.

What I want: hide the backend instances in a private zone, but still have access with a domain name and still with SSL.

As I see this for now: domains through Route 53 point to the ALB; the ALB points to 2 VPCs; each VPC has the front in a public subnet and the back in a private subnet.

But in this case I can't write rules for the ALB to point to a host, because it should point to a VPC. Please help me, any suggestion will be really appreciated.

linlav
  • Can you clarify what you mean by "can't write rules for alb to point to host, because it should point to vpc."? In ALB you write listener rules to point to target groups. Not sure what VPCs. – Marcin Jul 23 '20 at 04:36
  • For now the listeners directly point to a target group with an instance; in future I want the listener to point to a target group with a whole VPC. Maybe it's nonsense, could you suggest any other solution to solve this? I am a complete newbie in AWS and have to solve this problem, so it can be a dumb question. @Marcin – linlav Jul 23 '20 at 04:46
  • @linlav Your descriptions are a little confusing. Are you using a single Load Balancer, or are you using one LB for Dev + one LB for Prod? – John Rotenstein Jul 23 '20 at 07:59
  • @JohnRotenstein thanks for trying to help, sorry for confusing :( I have 1 ALB for SSL, I have 4 EC2 instances (1 front dev, 1 front prod, 1 back dev, 1 back prod) – linlav Jul 23 '20 at 13:51

1 Answer


It is quite common to use separate VPCs for Development and Production. This ensures that the two systems do not impact each other.

The typical configuration is:

  • A Load Balancer in the public subnet(s)
  • EC2 instances in the private subnet(s)

Normally, a Load Balancer is used to distribute traffic to multiple EC2 instances. If you only have one Front-end instance, then you do not really need a Load Balancer.

John Rotenstein
  • I have 1 ALB in front of the whole structure. This ALB is used **only** for terminating SSL for all instances. I have 2 front EC2 (dev and prod) and 2 backend EC2 (dev and prod). And I have 2 domains and 2 subdomains. Actually this [schema](https://docs.aws.amazon.com/vpc/latest/userguide/images/nat-gateway-diagram.png) is pretty close, but in front of this schema I have an ALB with SSL termination. So I don't know: how to correctly point the domains on Route 53 and what rules I should use for the listener for resolving all domains, in case I point all domains to the ALB – linlav Jul 23 '20 at 15:16
  • At the present moment it does exactly that job; you can specify in the rules **host is** and your traffic will be redirected to the instance you need. At the present moment it works fine in my case and everything is forwarded to each instance; the problem is that the schema is not good for now, I want to reorganize it according to the AWS schema provided earlier – linlav Jul 24 '20 at 05:40
  • Oh, thank you, I didn't know it could do that. My mistake. – John Rotenstein Jul 24 '20 at 07:16
  • The picture ("schema") you linked does not use a Load Balancer. It appears that web servers are accessed directly. – John Rotenstein Jul 24 '20 at 07:17
  • I know, and that's my purpose: to modify my schema according to this picture, but with an ALB and Route 53 with 4 domains in front of this schema – linlav Jul 26 '20 at 15:58
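A Terraform sketch of the layout discussed in the comments, added here as an example (it is not code from the question or the answer): one target group per hostname, a "host is" listener rule on the single HTTPS listener forwarding to it, and a Route 53 alias for each name pointing at the ALB rather than at any instance. It assumes an existing ALB named edge-alb whose HTTPS listener (var.listener_arn) already carries the certificates for both domains; the instance IDs, hosted-zone IDs and var.vpc_id are placeholders.

```terraform
# Placeholders: instance IDs, zone IDs, var.vpc_id, var.listener_arn
locals {
  # hostname => EC2 instance id; the two backend instances sit in private subnets
  sites = {
    "frontend.example.com"    = "i-0FRONTPROD"
    "backend.example.com"     = "i-0BACKPROD"
    "frontend.devexample.com" = "i-0FRONTDEV"
    "backend.devexample.com"  = "i-0BACKDEV"
  }
  zone_ids = { "example.com" = "ZPUBLICEXAMPLE", "devexample.com" = "ZPUBLICDEV" }
}
data "aws_lb" "edge" { name = "edge-alb" } # the single existing ALB
# One target group per hostname, each holding exactly one instance
resource "aws_lb_target_group" "tg" {
  for_each = local.sites
  name     = replace(each.key, ".", "-")
  port     = 80
  protocol = "HTTP"
  vpc_id   = var.vpc_id
}
resource "aws_lb_target_group_attachment" "tg" {
  for_each         = local.sites
  target_group_arn = aws_lb_target_group.tg[each.key].arn
  target_id        = each.value
}
# Listener rule "host is <name>" -> forward to that hostname's target group
resource "aws_lb_listener_rule" "by_host" {
  for_each     = local.sites
  listener_arn = var.listener_arn
  action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.tg[each.key].arn
  }
  condition {
    host_header { values = [each.key] }
  }
}
# Route 53: every hostname is an A alias to the ALB, never to an instance
resource "aws_route53_record" "alias" {
  for_each = local.sites
  zone_id  = local.zone_ids[regex("[^.]+\\.[^.]+$", each.key)]
  name     = each.key
  type     = "A"
  alias {
    name                   = data.aws_lb.edge.dns_name
    zone_id                = data.aws_lb.edge.zone_id
    evaluate_target_health = true
  }
}
```

Moving the backend instances into private subnets does not take backend.example.com off the internet: the internet-facing ALB still answers for that name, so the instances' security groups should allow port 80 only from the ALB's security group. A name that is genuinely private needs an internal ALB together with a Route 53 private hosted zone.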