How does ELB distribute traffic to a private subnet through a public subnet

Tags: amazon-ec2, amazon-elb, amazon-web-services

I just started learning AWS a few days ago. I'm confused about the way ELB distributes traffic that comes from the internet. For example, if I have four EC2 instances, two in the public subnet and the others in the private subnet, and I use classic load balancing to connect the public subnet to the external internet.

Question: how does the classic load balancer connect to the EC2 instances that I deployed in the private subnet? Should I set up an internal load balancer between the public and private subnets to achieve that?

Best Answer

If you want to load balance between your front web tier and a back-end tier, you would need a load balancer between the public and private subnets. The public ELB does not connect to the private subnet.

A feature of having a private subnet is that it isn't accessible from the internet, regardless of any load balancer - note that, as per Michael's comment below, that isn't a precise definition; it's a simplification. Any pattern where you can access a private subnet from the internet via a load balancer means that subnet is open to the internet, and is essentially public. Someone with extensive IT knowledge and experience might choose to design a network that way in some special circumstances, but it's not standard.

If the desire is to limit the number of load balancers, then a load balancer in a public subnet, targeting instances in a private subnet, is a viable option. Those instances should not have public IP addresses. If the web servers pass traffic to other instances, such as application or database servers, those other instances should have a security group that only accepts traffic from the web server tier's security groups.

There's a useful article on AWS VPCs and public / private subnets here.
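As an added illustration of the pattern described in the answer (example Terraform, not code from the answer or from AWS), this places the classic ELB's nodes in the public subnets while its targets sit in the private subnet, and lets the web tier's security group accept port 80 only from the load balancer's security group. `var.vpc_id`, `var.public_subnet_ids` and `var.private_instance_ids` are assumed inputs.

```hcl
# Assumed inputs (hypothetical): var.vpc_id, var.public_subnet_ids (list of
# public subnet IDs), var.private_instance_ids (web instances launched in the
# private subnet with no public IP address).

# Internet-facing side: only the load balancer's group accepts traffic from anywhere.
resource "aws_security_group" "elb" {
  name   = "public-elb-sg"
  vpc_id = var.vpc_id
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Web tier in the private subnet: reachable on 80 only via the ELB's group,
# never directly from the internet. An app/database tier would reference
# aws_security_group.web.id the same way to accept traffic from this tier only.
resource "aws_security_group" "web" {
  name   = "private-web-sg"
  vpc_id = var.vpc_id
  ingress {
    from_port       = 80
    to_port         = 80
    protocol        = "tcp"
    security_groups = [aws_security_group.elb.id]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Classic ELB: nodes live in the public subnets, targets stay in the private subnet.
resource "aws_elb" "public" {
  name            = "public-web-elb"
  subnets         = var.public_subnet_ids
  security_groups = [aws_security_group.elb.id]
  instances       = var.private_instance_ids
  listener {
    instance_port     = 80
    instance_protocol = "http"
    lb_port           = 80
    lb_protocol       = "http"
  }
}
```

The private instances still need a route to reach the internet for updates (a NAT gateway in the public subnet), which this fragment does not define.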