5

I have set up an AWS ALB for my application. The ALB is connected to an AWS ECS cluster which has 2 instances. The 2 instances are in private subnets. When I resolve the IP of the ALB DNS name, I get 2 IPs. Those IPs can be used to access my application.

What are those IPs? I can't find any of those IPs in the ALB console or in the ECS console.

I'm planning to create my own domain name for this ALB and I'm not using AWS Route53. I'm planning to use my own domain name or a subdomain that I already have. So I wanted to check whether these IPs are the IPs of ALB or my underlying EC2 instances.

Any info about ALB IPs would be appreciated.

Fer Dah
Neron Joseph
  • I think that you have two subnets in different zones and the load balancer uses a private IP to communicate with the instance located in that subnet – c4f4t0r Nov 21 '18 at 09:45

1 Answer

4

ALB is a middle man between your users and your servers. The users connect to the ALB on ALB’s public IP addresses and the ALB then connects to your ECS servers over the private IPs.

The IP addresses you see when you resolve the ALB hostname are the Public IPs. That's what your users need to connect to in order to use your service, and that's what ultimately must be resolved by your domain name (say demo.example.com).

However do not put the actual IPs that you resolved to your demo.example.com DNS record!! The ALB IPs will change over time based on load and other factors!

The correct way is to create a CNAME record pointing to the ALB hostname. AWS automatically updates the IPs in the ALB DNS record whenever they change, and because your demo.example.com only refers to the ALB hostname and not to the actual ALB IP addresses, everything will work as expected.


So what you need is to create:

demo.example.com. CNAME your-alb-abcdefgh.us-east-1.elb.amazonaws.com.

Then when your users try to resolve demo.example.com they will get an answer that says "I don't know the IPs, resolve your-alb-abcdefgh.us-east-1.elb.amazonaws.com instead.". And resolving your-alb-...elb.amazonaws.com will then return the current valid ALB IP addresses.


I know it may be a bit confusing if you only have a limited experience with DNS. Feel free to ask for clarification :)


Update: You see 2 external IPs because an ALB must be in at least 2 different subnets for high availability. You selected the subnets when you created the ALB:

[Screenshot: ALB Availability Zones]

You can select more Availability Zones / Subnets, in which case you'll have more Public IPs. But 2 is a minimum.

Hope that helps :)

MLu
  • So, why am I seeing 2 IPs? I have EC2 instances in 2 subnets (in different Availability Zones) which are connected to the ALB. Is that the reason? If I have instances in all 3 subnets (3 AZs), do I see 3 IPs for my ALB? – Neron Joseph Nov 22 '18 at 02:04
  • @NeronJoseph It's because ALB must be in at least 2 availability zones / subnets, each with its own public IP. Updated the answer with explanation. – MLu Nov 22 '18 at 02:22
  • Okay. I have specified all 3 subnets/AZs while creating the ALB and used only 2 subnets for ECS cluster creation. So ALB targets are only in 2 AZs/subnets. Is that why it has 2 IPs, or will the ALB always have 2 IPs? What I meant is, if I choose all 3 subnets, will the ALB resolve to 3 IPs? (just a doubt). – Neron Joseph Nov 22 '18 at 02:46
  • @NeronJoseph I *think* it will expand to the 3rd AZ when needed. Either when you've got ECS in all 3 AZs or when you've got such a high load that it requires new ALB instance (that's all transparent). However none of this really matters - **never** use the ALB IPs directly anywhere, they change often. Only ever use the ALB hostname or your own domain with CNAME record for the ALB hostname. – MLu Nov 22 '18 at 02:51
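The answer's rule ("never put the resolved ALB IPs in your own DNS record, CNAME the ALB hostname instead") is easy to check mechanically when you run your own zone. The script below is an added example, not code from the question or answer: it parses a constructed BIND-style zone fragment for example.com, takes the two addresses the ALB hostname resolved to today (constructed RFC 5737 documentation addresses, not real ALB IPs), and flags the mistakes that bite with a non-Route53 DNS provider: A records that hardcode the ALB's current addresses (they will go stale when AWS moves the ALB), a CNAME placed at the zone apex (RFC 1034 forbids a CNAME alongside the SOA and NS records, so for the bare domain you need a subdomain or your provider's ALIAS/ANAME feature), a CNAME coexisting with other records at the same name, and an ELB target missing its trailing dot (the zone parser would silently append your origin to it). The ALB hostname is the placeholder the answer uses.

```python
from dataclasses import dataclass

# Constructed zone-file fragment for example.com; not from the original post.
# The ALB hostname is the placeholder used in the answer above.
ZONE = """
$ORIGIN example.com.
@        IN SOA   ns1.example.com. hostmaster.example.com. 2018112201 3600 900 1209600 300
@        IN NS    ns1.example.com.
@        IN A     203.0.113.10
@        IN CNAME your-alb-abcdefgh.us-east-1.elb.amazonaws.com.
demo     IN CNAME your-alb-abcdefgh.us-east-1.elb.amazonaws.com.
legacy   IN A     203.0.113.10
legacy   IN A     203.0.113.20
broken   IN CNAME your-alb-abcdefgh.us-east-1.elb.amazonaws.com
api      IN CNAME api.backend.example.net.
"""

# Constructed: the two addresses `dig +short <alb hostname>` returned today.
# RFC 5737 documentation addresses, not real ALB IPs; they only illustrate
# the check, since the real ones change over time.
ALB_IPS_TODAY = {"203.0.113.10", "203.0.113.20"}

ELB_SUFFIX = ".elb.amazonaws.com."


@dataclass(frozen=True)
class Record:
    name: str   # fully qualified owner name, with trailing dot
    rtype: str
    rdata: str


def parse_zone(text: str) -> list[Record]:
    """Minimal BIND zone-file parser: $ORIGIN, ';' comments, '@', optional TTL
    and class, relative vs. absolute owner names. Enough for an audit."""
    origin = "."
    records: list[Record] = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$"):          # $TTL, $INCLUDE: not needed here
            continue
        fields = line.split()
        owner, rest = fields[0], fields[1:]
        if rest and rest[0].isdigit():    # optional TTL
            rest = rest[1:]
        if rest and rest[0].upper() in ("IN", "CH", "HS"):   # optional class
            rest = rest[1:]
        rtype, rdata = rest[0].upper(), " ".join(rest[1:])
        if owner == "@":
            name = origin
        elif owner.endswith("."):
            name = owner
        else:
            name = f"{owner}.{origin}"
        records.append(Record(name, rtype, rdata))
    return records


def is_elb_cname(rdata: str) -> bool:
    """True when the CNAME target is an absolute (dot-terminated) ELB hostname."""
    return rdata.lower().endswith(ELB_SUFFIX)


def audit(records: list[Record], alb_ips: set[str], origin: str) -> dict[str, list[str]]:
    """Return {owner name: [problems]} for records that will break or go stale."""
    findings: dict[str, list[str]] = {}

    def flag(name: str, msg: str) -> None:
        findings.setdefault(name, []).append(msg)

    by_name: dict[str, list[Record]] = {}
    for r in records:
        by_name.setdefault(r.name, []).append(r)

    for name, recs in by_name.items():
        types = {r.rtype for r in recs}
        if "CNAME" in types and name == origin:
            flag(name, "CNAME at the zone apex is not allowed (RFC 1034 3.6.2); "
                       "use a subdomain or your provider's ALIAS/ANAME record")
        if "CNAME" in types and len(types) > 1:
            flag(name, "a CNAME must be the only record at its name; remove the others")
        for r in recs:
            if r.rtype in ("A", "AAAA") and r.rdata in alb_ips:
                flag(name, f"hardcoded ALB address {r.rdata}; it will change, "
                           "replace it with a CNAME to the ALB hostname")
            if (r.rtype == "CNAME" and not is_elb_cname(r.rdata)
                    and ELB_SUFFIX.rstrip(".") in r.rdata.lower()):
                flag(name, f"CNAME target '{r.rdata}' lacks a trailing dot; "
                           f"the zone parser will append {origin} to it")
    return findings


if __name__ == "__main__":
    for name, problems in audit(parse_zone(ZONE), ALB_IPS_TODAY, "example.com.").items():
        for p in problems:
            print(f"{name}: {p}")
```

Run as-is it reports the apex and legacy names (hardcoded ALB addresses and the apex CNAME) and the broken name (missing trailing dot), and stays silent for demo, which is the form the answer recommends. To audit a live zone, feed the script your exported zone file and the current output of `dig +short your-alb-hostname` in place of the constructed values; re-run it whenever you rotate load balancers, since a stale A record keeps sending your users to an address AWS may hand to someone else.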