I have done this several times across clients.
You are correct, you need a public and private hosted zone (split horizon). The private hosted zone attached to a VPC will take precedence over the public. There is NO fallback to the public zone if records do not exist.
You are also correct, you need an internal load balancer which your private hosted zone points to for its records.
What you also need to do is create new target groups and create the new rules on the internal load balancer directing the traffic to these new target groups.
You also then have to DUAL register the ECS services to the 2nd target group. You can't do this in the GUI; however, you can do this via CLI or code as follows: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/register-multiple-targetgroups.html
This means the external ALB will use one set of TGs and the internal ALB will use the 2nd set of target groups. Then create your DNS records in your internal Route 53 zone and job's a good 'un. The link above talks about the exact issue you wish to resolve with internal and external load balancers.
This will resolve your issues.
How about creating a private hosted zone with the name api.example.com that includes an alias record for the zone apex that points to the internal load balancer?
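The two answers above describe the same build: an ECS service registered with both the external and the internal ALB's target groups, and an alias record at the apex of a private hosted zone pointing at the internal ALB. The following is an added example, not code from either answerer or from AWS; it builds the `aws ecs create-service --cli-input-json` input and the `aws route53 change-resource-record-sets` change batch offline, and adds the two checks a practitioner would want: it refuses to put an internet-facing ALB behind the private zone, and, because the private zone shadows the public one with no fallback, it lists public records that the private zone does not also answer. Every ARN, DNS name, hosted zone id, subnet and security group id is a constructed placeholder.

```python
import json

# Constructed placeholder identifiers; none refer to real AWS resources.
CLUSTER = "prod-cluster"
TASK_DEFINITION = "arn:aws:ecs:eu-west-1:111122223333:task-definition/api:7"
EXTERNAL_TG = "arn:aws:elasticloadbalancing:eu-west-1:111122223333:targetgroup/api-ext/0123456789abcdef"
INTERNAL_TG = "arn:aws:elasticloadbalancing:eu-west-1:111122223333:targetgroup/api-int/fedcba9876543210"

# Constructed subset of one entry from `aws elbv2 describe-load-balancers`.
INTERNAL_ALB = {
    "DNSName": "internal-api-int-0123456789.eu-west-1.elb.amazonaws.com",
    "CanonicalHostedZoneId": "ZEXAMPLE000000",  # placeholder, not a real ALB zone id
    "Scheme": "internal",
}
INTERNET_FACING_ALB = {
    "DNSName": "api-ext-0123456789.eu-west-1.elb.amazonaws.com",
    "CanonicalHostedZoneId": "ZEXAMPLE000000",
    "Scheme": "internet-facing",
}


def build_service_definition(service_name, container_name, container_port, target_group_arns):
    """Input for `aws ecs create-service --cli-input-json`.

    One loadBalancers entry per target group registers the same container with
    each ALB's target group (the dual registration from the first answer).
    """
    if len(set(target_group_arns)) != len(target_group_arns):
        raise ValueError("each target group may be listed only once")
    return {
        "cluster": CLUSTER,
        "serviceName": service_name,
        "taskDefinition": TASK_DEFINITION,
        "desiredCount": 2,
        "launchType": "FARGATE",
        "loadBalancers": [
            {"targetGroupArn": arn, "containerName": container_name, "containerPort": container_port}
            for arn in target_group_arns
        ],
        "networkConfiguration": {
            "awsvpcConfiguration": {
                "subnets": ["subnet-0aaa0aaa0aaa0aaa0"],          # placeholder private subnet
                "securityGroups": ["sg-0bbb0bbb0bbb0bbb0"],       # placeholder task SG
                "assignPublicIp": "DISABLED",
            }
        },
    }


def build_private_alias_change(record_name, alb):
    """Change batch for an alias A record at the private zone apex.

    Refuses an internet-facing ALB: the private zone exists so that VPC clients
    stay on the internal listener, so pointing it at the public ALB would
    silently undo the split horizon.
    """
    if alb.get("Scheme") != "internal":
        raise ValueError("private hosted zone must alias an internal load balancer")
    return {
        "Comment": "split-horizon apex alias to internal ALB",
        "Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": record_name.rstrip(".") + ".",
                "Type": "A",
                "AliasTarget": {
                    "HostedZoneId": alb["CanonicalHostedZoneId"],
                    "DNSName": alb["DNSName"],
                    "EvaluateTargetHealth": True,
                },
            },
        }],
    }


def records_missing_from_private_zone(public_records, private_records):
    """Names answered by the public zone but absent from the private zone.

    Inputs are record sets as returned by `aws route53 list-resource-record-sets`
    for each zone. Because the VPC-attached private zone shadows the public one
    with no fallback, each returned name is unresolvable from inside the VPC.
    NS/SOA are skipped since each zone carries its own.
    """
    public_names = {r["Name"].rstrip(".").lower()
                    for r in public_records if r["Type"] in ("A", "AAAA", "CNAME")}
    private_names = {r["Name"].rstrip(".").lower() for r in private_records}
    return sorted(public_names - private_names)


if __name__ == "__main__":
    # Write svc.json and alias.json, then feed them to the two CLI commands named above.
    svc = build_service_definition("api", "api", 8080, [EXTERNAL_TG, INTERNAL_TG])
    print(json.dumps(svc, indent=2))
    print(json.dumps(build_private_alias_change("api.example.com", INTERNAL_ALB), indent=2))
```

The third function is the one worth running before cutting over: export both zones with `list-resource-record-sets`, feed them in, and create a private-zone record for every name it returns, otherwise those hostnames stop resolving for the VPC the moment the private zone is associated.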