Home / server / Questions / 1022917
Accepted
user2449397
Asked: 2020-06-26 06:20:37 +0800 CST

Is it possible to communicate to an ALB through an internal endpoint?

  • 772

Setup

We have an ECS cluster with 2 services (called portal-ECS-service and graph-ECS-service). Each have an ALB (portal-ALB and graph-ALB respectively).

The setup is this:

End user <-> portal-ALB <-> portal-ECS-service <-> graph-ALB <-> graph-ECS-service

Notes

  • everything is in the same VPC
  • graph-ALB has Scheme: internal
  • when communicating from portal-ECS-service to graph-ALB we use as the endpoint graph-ALB.us-west-2.elb.amazonaws.com

Problem

We pay a very large amount (~$50 / day) in DataTransfer-Out-Bytes.

Question

I've read that high DataTransfer-Out-Bytes costs can often be solved by using Internal IP instead of public DNS endpoint.

Is it possible to communicate to an ALB internally without going through the public DNS endpoint? In our case, can we have portal-ECS-service <-> graph-ALB communication without paying high DataTransfer-Out-Bytes costs?

Thank you very much in advance.

amazon-web-services aws-cost-explorer amazon-elb

1 Answers

  1. Best Answer

    If you don't need external access to the graph-ALB you can make the ALB internal - then it will only have private IPs.

    ELB Internal

    To reduce your data transfer costs even more try to limit the cross-AZ traffic (internal traffic between Availability Zones in the same VPC costs $0.02/GB). One way is to disable cross-account access in the ALB config:

    Cross-AZ ELB

    Check out this for some more discussion: Why should I ever limit a load balancer to a specific availability zone (AWS)?

    Hope that helps :)

    • 5