We have AWS Direct Connect and routing set up to allow connectivity from on-premises to the VPCs and the other way around.
We need to access some application running on multiple EC2 instances from the on-premises network only and not from the internet.
My understanding is that we need:
- DNS forwarding to a private Route 53 hosted zone, which will resolve all requests to an
- internal ELB (not external), which in turn will serve requests to the application hosted on private-subnet EC2s.
So I do not see any need for any public Route 53 zones and no need for an external ELB.
Is my understanding correct or am I missing something about this architecture?
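The architecture described in the question, written out as an added Terraform example (this is not code from the original post). Every VPC ID, subnet ID, CIDR and zone name below is an assumed placeholder; the on-premises DNS side (a conditional forwarder for the zone name pointing at the inbound endpoint IPs) is outside the AWS resources and is only noted in the output.

```hcl
# Added example, not from the original post. All IDs, CIDRs and names are assumed placeholders.
variable "vpc_id"          { default = "vpc-PLACEHOLDER" }
variable "private_subnets" { default = ["subnet-PLACEHOLDER-a", "subnet-PLACEHOLDER-b"] }
variable "onprem_cidr"     { default = "10.0.0.0/8" }          # assumed on-prem range reachable over Direct Connect
variable "zone_name"       { default = "app.corp.example" }    # assumed private zone name

# DNS path: a Route 53 Resolver INBOUND endpoint receives queries forwarded from on-prem DNS.
# Its security group only admits DNS (53/udp, 53/tcp) from the on-prem CIDR.
resource "aws_security_group" "dns_inbound" {
  name   = "r53-inbound-from-onprem"
  vpc_id = var.vpc_id
  ingress {
    from_port   = 53
    to_port     = 53
    protocol    = "udp"
    cidr_blocks = [var.onprem_cidr]
  }
  ingress {
    from_port   = 53
    to_port     = 53
    protocol    = "tcp"
    cidr_blocks = [var.onprem_cidr]
  }
}

resource "aws_route53_resolver_endpoint" "inbound" {
  name               = "onprem-inbound"
  direction          = "INBOUND"
  security_group_ids = [aws_security_group.dns_inbound.id]
  dynamic "ip_address" {
    for_each = var.private_subnets
    content { subnet_id = ip_address.value }
  }
}

# Private hosted zone: only resolvable from the associated VPC (and from on-prem via the inbound endpoint).
# No public hosted zone is created.
resource "aws_route53_zone" "private" {
  name = var.zone_name
  vpc {
    vpc_id = var.vpc_id
  }
}

# Traffic path: an internal ALB in private subnets, admitting HTTPS only from the on-prem CIDR.
resource "aws_security_group" "alb" {
  name   = "alb-internal-from-onprem"
  vpc_id = var.vpc_id
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.onprem_cidr]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_lb" "app" {
  name               = "app-internal"
  internal           = true            # private-IP listener only; not reachable from the internet
  load_balancer_type = "application"
  security_groups    = [aws_security_group.alb.id]
  subnets            = var.private_subnets
}

# The record on-prem clients resolve: an alias in the private zone pointing at the internal ALB.
resource "aws_route53_record" "app" {
  zone_id = aws_route53_zone.private.zone_id
  name    = var.zone_name
  type    = "A"
  alias {
    name                   = aws_lb.app.dns_name
    zone_id                = aws_lb.app.zone_id
    evaluate_target_health = true
  }
}

# Point the on-prem DNS conditional forwarder for var.zone_name at these addresses.
output "inbound_resolver_ips" {
  value = [for ip in aws_route53_resolver_endpoint.inbound.ip_address : ip.ip]
}
```

The two security groups are the part worth checking after deployment: the inbound endpoint should answer DNS only for the on-premises range, and the ALB should have no listener reachable from anything but that range, so a public zone or external ELB never needs to exist for this path.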