hi, anyone around and want to hear my aws story?


hey @micha am sure people would love to hear, but because slack loses history maybe better to write it as a blog and share a link here?


it's not really a story, i'm looking for a sanity check of my understanding of how various aws things fit together


sure thing, am sure folks will be happy to chime in


i want to make a service that is not exposed to the internet, a cluster of webservers in an ASG behind an internal ELB. i want to have a webserver in each of three availability zones. The webservice will use the private IP address of the client (the source IP of the request) to form its response. It will need to use classic link to be reachable by instances we have that aren't in a VPC yet. This webservice needs to be accessible from all of our VPCs, too.


so my understanding is that i can create a vpc with a subnet in each az, use a NAT device to allow outbound connections to the internet from the instances in the vpc. an asg in the vpc can be created that will create instances in each of the azs, and an internal elb that will be reached by a private ip address (not internet routable). then, classic link can be used to expose the internal elb to the ec2 classic network, and vpc peering can be used to expose it to all the other vpcs we may have


is that more or less legit?


There are bits that are outside my experience, eg. exposing the elb to classic link, but I don't see any red flags


@bhagany: thanks! have you used internal elb before?


like without classic link?


all of our elbs are still on classic, so not really. we treat them as internal, but they are still publicly reachable


yeah same here