- Newest
- Most votes
- Most comments
The ALB is going to use the private IP address of the instances in the target group, not the public IP. The public IPs are managed at the Internet Gateway that does the public-to-private IP NATing.
Best practice for most architectures has only the ALB in a public subnet with public IPs and the instances sitting in a private subnet without public IPs. If the instances need to request services from public endpoints, we use a NAT gateway to proxy these requests.
Hi Santosh, When traffic arrives at your ALB, it gets forwarded to your target group, which is the EC2 instance. As your ALB and EC2 instance are in the same VPC, the traffic will be sent to the private IP of your EC2. If it was to use the public IP, the traffic from ALB would need to the leave the VPC, go to the internet, and then come back in. This would add latency to connection, as well as occur data egress costs. So from an observability point of view, your logs are correct that they are showing the traffic with the private IPs.
Does this answer your question.
Relevant content
- asked 9 months ago
AWS OFFICIALUpdated 3 months ago- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 7 months ago
Are the target IP addresses the same as the EC2 private IP addresses?
Do you mean the source or the actual target ip? https://repost.aws/knowledge-center/elb-find-load-balancer-ip#:~:text=In%20the%20navigation%20pane%2C%20under,in%20to%20the%20search%20box.
@Dave, yes, same as EC2 private IP addresses