Creating an Internal Load Balancer

You can create an internal load balancer to distribute incoming network traffic between several instances of a Virtual Private Cloud (VPC).

Creating an Internal Load Balancer Using Cockpit

Before you begin:

  1. Create a VPC. For more information, see Virtual Private Clouds (VPCs).

  2. Create a security group for the load balancer with the following rules:

    • Allow inbound flows in the protocol on the port you want.

    • Allow the inbound flows coming from the security groups of the instances that send it requests.

    • Allow the outbound flows going to all the security groups of back-end instances.

  3. Configure the security group of back-end instances with the following rules:

    • Allow inbound flows in the protocol on the port you want.

    • Allow the inbound flows coming from the security group of the load balancer.

For more information, see Security Groups.

  1. Click Services > Load Balancers.

  2. Click Create .
    The CREATE LOAD BALANCER dialog box appears.

  3. In the Load Balancer Name field, type a name for the load balancer.

    • This name must be unique for the whole Region and follow the domain names rules.

    • It must follow domain name rules. That is, it can contain up to 32 alphanumeric characters or hyphens, but cannot start or end with a hyphen.

  4. From the VPC list, select the VPC in which you want to create the load balancer.
    The Availability Zone list is deactivated.

  5. From the Scheme list, select internal.

  6. From the Subnet list, select the subnet for your back-end instances.

  7. From the Security Group(s) list, select one or more security groups to associate with the load balancer.

  8. Click Create to validate.
    The load balancer is created and appears on the Load Balancers page.
    You can modify the attributes of a load balancer after its creation. For more information see Modifying an Instance Attribute.

Creating an Internal Load Balancer Using AWS CLI

Before you begin:

  1. Create a VPC. For more information, see Virtual Private Clouds (VPCs).

  2. Create a security group for the load balancer with the following rules:

    • Allow inbound flows in the protocol on the port you want.

    • Allow the inbound flows coming from the security groups of the instances that send it requests.

    • Allow the outbound flows going to all the security groups of back-end instances.

  3. Configure the security group of back-end instances with the following rules:

    • Allow inbound flows in the protocol on the port you want.

    • Allow the inbound flows coming from the security group of the load balancer.

For more information, see Security Groups.

To create an internal load balancer, use the create-load-balancer command following this syntax:

Request sample
$ aws elb create-load-balancer \
    --profile YOUR_PROFILE \
    --load-balancer-name my-load-balancer \
    --listeners Protocol=TCP,LoadBalancerPort=80,InstanceProtocol=TCP,InstancePort=58 \
    --subnets subnet-12345678 \
    --security-groups sg-12345678 sg-87654321 \
    --scheme internal \
    --endpoint https://lbu.eu-west-2.outscale.com

This command contains the following attributes that you need to specify:

  • load-balancer-name: The name of the load balancer.

    • This name must be unique for the whole Region and follow the domain names rules.

    • It must follow domain name rules. That is, it can contain up to 32 alphanumeric characters or hyphens, but cannot start or end with a hyphen.

  • listeners: One or more listeners for the load balancer. This attribute requires the following elements for each listener:

    To add several listeners, separate each of them with a space.

    • Protocol: The routing protocol of the load balancer (HTTP, HTTPS, TCP ou SSL).

    • LoadBalancerPort: The port on which the load balancer is listening (between 1 and 65535, both included).

    • InstancePort: The port on which the back-end instances are listening (between 1 and 65535, both included).

    • (optional) SSLCertificateId: The OUTSCALE Resource Name (ORN) of an SSL certificate. For more information, see Getting Information About a Server Certificate.

      An SSL certificate is required only if the load balancer protocol is HTTPS or SSL.

      For more information about how to configure your listener when using SSL certificates, see Configuring a Load Balancer for SSL Termination or SSL Passthrough.

  • subnets: The ID of the subnet in which you want to create the load balancer. Regardless of this subnet, the load balancer can distribute traffic to all subnets.

  • (optional) security-groups: One or more IDs of security groups you want to assign to the load balancer. If not specified, the default security group of the VPC is assigned to the load balancer.

  • scheme: The type of load balancer you want to create (here, internal).

  • endpoint: The endpoint corresponding to the Region you want to send the request to.

The create-load-balancer command returns the following element:

  • DNSName: The DNS name assigned to the load balancer.

Result sample
 {
    "DNSName": "my_load_balancer_1234567890.lbu.eu-west-2.outscale.com"
}

Related Pages

Corresponding API Method

AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.