By using AWS re:Post, you agree to the Terms of Use

Private Instance and Public ELB HTTPS Problem.


My VPC structure looks like this: VPC: 1 Public Subnet : 2 (1 Public Instance in each Subnet) Public ELB : 1 (Public ELB for Public Instance above) Public Subnet : 1 (for NAT Gateway) Private Subnet : 1 (1 Private Instance)

Here, the Private Instance should connect to the Public ELB. At this time, HTTPS communication should be established between the Private Instance and the Public Instance behind the ELB, but HTTPS communication is not possible because the Public ELB is playing an intermediate role. How can I solve the problem? Or is the structure wrong?

2 Answers


Is the direction of the request below?

Private EC2 -> NAT Gateway -> Internet -> ELB -> Public EC2

  • If your ELB has an SSL certificate installed, you can.
  • If you want to use SSL when sending requests directly to EC2 with a private IP address within the VPC, you need to install an SSL certificate on EC2.
profile picture
answered 13 days ago

Thanks for the detailed description.

If you don't want ELB to terminate HTTPS connection (i.e. use the certificate installed in the backend EC2), you could consider using NLB with TCP:443 listener [1]. Otherwise, importing and associating a certificate [2] with ELB will also work.

As a side note, moving back-end instances to private subnets ensures that clients only access your service through the ELB. [3][4]




[4] "Both internet-facing and internal load balancers route requests to your targets using private IP addresses. Therefore, your targets do not need public IP addresses to receive requests from an internal or an internet-facing load balancer." -

answered 13 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions