Ssh – AWS VPC ELB vs. Custom Load Balancing

Tags: amazon-ec2, amazon-vpc, amazon-web-services, load-balancing, ssh

So I'm wondering if this is a good idea. I have an Amazon AWS VPC set up with public and private subnets, so I already get the Internet Gateway and NAT. I was going to set up all my web servers (Apache2 instances) and DB servers in the private subnet and use a Load Balancer/Reverse Proxy to pick up requests and send them into the private subnet's cluster of servers. My question then is: are Amazon's ELBs a good fit for this, or is it better to set up my own custom instance to handle the public requests and run them through the NAT using nginx or pound?

I like the second option just for the sake of having an instance I can log into and check, as well as taking advantage of caching and fail2ban DDoS prevention, and possibly using failsafes to redirect traffic. But I have no experience with their ELBs, so I thought I'd ask your opinions.

Also, if you guys have an opinion on this as well: would using the second option allow me to have only one public IP address and be able to route SSH connections through port numbers to the respective instances?

Thanks in advance!
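As an added example (not part of the question or answer), here is what the "custom instance" option could look like as an nginx reverse proxy sitting in the public subnet and forwarding to Apache instances in the private subnet. The private addresses, rate-limit values and hostname are assumed placeholders; the per-client rate limit and the forwarded client-address headers are there so the backends (and any fail2ban rules reading their logs) still see the real source IP rather than the proxy.

```nginx
# Added example (not from the question or answer): a minimal nginx reverse proxy
# for the "roll your own" option. Runs on an instance in the public subnet and
# forwards to Apache instances in the private subnet. The 10.0.1.x addresses
# below are assumed placeholders for the private-subnet web servers.

# Limit request rate per client IP: 10 req/s with a burst of 20 (assumed values).
limit_req_zone $binary_remote_addr zone=perip:10m rate=10r/s;

# Small on-disk cache for responses the backends mark cacheable.
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=webcache:10m max_size=1g inactive=10m;

upstream apache_private {
    # Web servers in the private subnet (assumed addresses).
    server 10.0.1.10:80 max_fails=3 fail_timeout=30s;
    server 10.0.1.11:80 max_fails=3 fail_timeout=30s;
    # Marked as backup: only used when the two above are unavailable.
    server 10.0.1.12:80 backup;
}

server {
    listen 80;
    server_name example.com;   # placeholder hostname

    # Hide the nginx version from error pages and headers.
    server_tokens off;

    location / {
        limit_req zone=perip burst=20 nodelay;
        proxy_pass http://apache_private;

        # Preserve the original client address so backend logs (and fail2ban
        # rules reading them) see the real source, not the proxy.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_cache webcache;
        proxy_cache_valid 200 302 5m;

        # If a backend errors, times out or returns 502/503/504, try the next one.
        proxy_next_upstream error timeout http_502 http_503 http_504;
        proxy_connect_timeout 5s;
    }
}
```

The Apache instances should be configured to log the X-Forwarded-For value instead of the peer address, otherwise every request appears to come from the proxy.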

Best Answer

It's hard to answer which is better for you, ELB or rolling your own solution.

Like a number of Amazon's services, ELB is simply a managed service, and it takes the hassle out of having to set up and maintain your own load balancer. This can be very appealing, particularly if you don't have the time or resources to do it all yourself.

Behind the scenes, Amazon's ELB is just one or more EC2 instances (configured to act like a load balancer) that auto scale to handle any amount of traffic (although when I say scale, it's more of a linear scale; burst traffic requires you to pre-warm the load balancers through a support ticket).

ELB has worked in VPC for a few years now:

The popular AWS Elastic Load Balancing Feature is now available within the Virtual Private Cloud (VPC). Features such as SSL termination, health checks, sticky sessions and CloudWatch monitoring can be configured from the AWS Management Console, the command line, or through the Elastic Load Balancing APIs.

If you're keen on having access to the internal workings of your load balancer, and want to go above and beyond the standard load balancing, then you have no choice but to roll your own.

I personally like the idea of having the load balancer managed for me. It's easy to set up, so you can test it for yourself and see if it meets your needs.