ALB Routing to Public IP

0

Base Question

I have an Application Load Balancer that needs to be able to forward a subset of requests out of AWS to a public IP hosted elsewhere. The research I've done has pointed me towards needing to create a VPN to do this. Is this really needed to route to an external IP? What do I connect the VPN to? Is a VPN the right solution, or is there an alternative solution that I'm overlooking?

Details

I support a few different products and, due to differences in technology and product age, some need to be hosted outside of AWS. However, there are integration points between products that are inside AWS and outside AWS, and we want users in the latest generation of the newest products to have a streamlined solution where it all fits under the umbrella of one root URL with product-specific subdirectories, as in https://cust.somewhere.com/product where product could be one of four options.

Our DNS is hosted in AWS and points at our ALB, where we have rules based on the subdirectory to direct 2 of the product options on to EC2 instances hosted in AWS, while the other 2 product options need to get sent back out of AWS to another hosting provider. Because this routing is based on the subdirectory, DNS isn't helpful as far as I know, and I have to do it from the ALB.

These non-AWS products are already externally accessible on another domain. So, to me, I just need to target the public IP used by that other domain's DNS. That other system is already configured and has been tested ad hoc to be able to route the domain coming from AWS. But in order to get things routed for real from AWS to an IP outside of my VPC, I have to set up a VPN. Is that valid, or is there a better way?

2 Answers
1

You cannot route to public IPs from an ALB. Only the targets listed below are supported as of today:

Target type

When the target type is ip, you can specify IP addresses from one of the following CIDR blocks:

  • The subnets of the VPC for the target group
  • 10.0.0.0/8 (RFC 1918)
  • 100.64.0.0/10 (RFC 6598)
  • 172.16.0.0/12 (RFC 1918)
  • 192.168.0.0/16 (RFC 1918)

Reference: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html#target-group-ip-address-type

AWS EXPERT, answered a year ago
AWS EXPERT, reviewed a year ago
  • Is a VPN the right solution then, or am I overlooking some other networking magic or target type?

  • Targets can be located outside the load balancer’s VPC (this includes Peered VPC, and on-premises targets reachable over Direct Connect or VPN).

0

An ALB allows you to redirect to another URL based on paths. You can evaluate that, since you mentioned that the other products are accessible on another domain.

Syd, answered a year ago
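Both answers above can be checked offline. The following is an added example, not code from either answer or from AWS: it encodes the IP-target rule the first answer quotes from the documentation, and builds the `elbv2.create_rule()` parameters for the path-based HTTPS redirect the second answer suggests. The listener ARN, path prefix and external hostname are constructed placeholders; nothing is sent to AWS.

```python
"""Offline helpers for the two points raised in this thread (no AWS calls)."""
import ipaddress

# Blocks an ALB target group of type "ip" accepts, per the AWS docs quoted
# in the first answer. The target group's own VPC subnets are added per call.
ALLOWED_IP_TARGET_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),      # RFC 1918
    ipaddress.ip_network("100.64.0.0/10"),   # RFC 6598 shared address space
    ipaddress.ip_network("172.16.0.0/12"),   # RFC 1918
    ipaddress.ip_network("192.168.0.0/16"),  # RFC 1918
]


def is_registrable_ip_target(address, vpc_subnets=()):
    """True if an 'ip' target group would accept this address as a target.

    vpc_subnets: extra CIDR strings belonging to the target group's VPC.
    A public IP outside every block (the asker's case) returns False.
    """
    ip = ipaddress.ip_address(address)
    blocks = ALLOWED_IP_TARGET_BLOCKS + [ipaddress.ip_network(s) for s in vpc_subnets]
    return any(ip in block for block in blocks)


def redirect_rule(listener_arn, path_prefix, external_host, priority):
    """Parameters for elbv2.create_rule(): send /<path_prefix>/* to a fixed
    external host over HTTPS, preserving the original path and query string.

    Host is a constant chosen by the operator, never taken from the request,
    so the rule cannot be abused as an open redirect.
    """
    return {
        "ListenerArn": listener_arn,
        "Priority": priority,
        "Conditions": [{"Field": "path-pattern", "Values": [f"/{path_prefix}/*"]}],
        "Actions": [{
            "Type": "redirect",
            "RedirectConfig": {
                "Protocol": "HTTPS",
                "Host": external_host,
                "Port": "443",
                "Path": "/#{path}",     # ALB substitutes the request path
                "Query": "#{query}",    # and the original query string
                "StatusCode": "HTTP_301",
            },
        }],
    }


if __name__ == "__main__":
    # Constructed sample values: a documentation-range public IP and placeholders.
    print(is_registrable_ip_target("203.0.113.10"))   # public IP: not allowed
    print(redirect_rule("arn:PLACEHOLDER", "legacyapp", "legacy.example.com", 10))
```

To apply the rule for real, pass the returned dict as `boto3.client("elbv2").create_rule(**params)`; the redirect changes the URL the browser sees, so the external host must serve a valid certificate for its own name.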
