-1

Can VPC endpoint service route traffic to an internal Application Load Balancer (ALB)?

enter image description here

Sanju Thomas
  • What do you mean by "VPC endpoint service for an ALB"? Are you referring to a VPC Endpoint that allows resources inside the VPC to make API calls to the Elastic Load Balancing service to create/update/delete Load Balancers without requiring access to the Internet? Or are you wanting to send traffic to a Load Balancer _via_ a VPC Endpoint? – John Rotenstein Aug 14 '22 at 03:26
  • I wanted to send traffic from service consumers to my ECS application via an internal ALB. ECS and ALB are deployed in VPC A, and the consumers are in VPC B. – Sanju Thomas Aug 14 '22 at 03:38
  • 2
    So your goal is to allow resources in VPC B to access the Load Balancer in VPC A? This sounds more like VPC Peering than VPC Endpoints, unless you are wanting to create a PrivateLink connection between the VPCs? – John Rotenstein Aug 14 '22 at 04:13
  • Thanks, @JohnRotenstein - Do you know why VPC endpoint services can't route the traffic to an ALB? Why would we need an NLB for that? – Sanju Thomas Aug 14 '22 at 14:14

2 Answers

2

Do you see where it says "No Network Load Balancers ... available"? That's because it only supports Network Load Balancers.

You would have to put a Network Load Balancer in front of the Application Load Balancer, and then configure the VPC Endpoint to send traffic to the Network Load Balancer.

Mark B
0

It works for TCP (non-SSL) traffic but it does not seem to work for a TLS (SSL) listener. It looks like a TLS target group in an NLB is not supported for ALB targets. The target group does not show up in the list if the protocol is selected as TLS.