Attach Private load balancer to EC2

Hi, For your scenario, where you have a Gateway communicating with a Broker over a public Load Balancer (LB) and a HES (possibly a backend service) communicating with the Broker internally over a private LB, you will indeed need to set up two separate load balancers: one public and one private. The public LB will route external traffic to your Broker, while the private LB will facilitate internal communication between your HES and the Broker without exposing it to the public internet. You've mentioned using a Classic Load Balancer, but it's also worth considering newer types of load balancers offered by AWS, such as the Application Load Balancer (ALB) and Network Load Balancer (NLB), depending on your requirements. I recommend using ALB and you can very much create the internal ALB as shown in the screenshot below: Below are the remaining considerations:

• Create Internal Load Balancer: Ensure to select the internal option during setup, choosing the appropriate VPC and subnets without internet access.
• Configure Security: Adjust security groups to allow necessary traffic between your HES and the load balancer, and ensure NACLs permit the same.
• Setup Target Groups: Create and configure target groups (for ALB and NLB), registering your EC2 instances as targets.
• Implement Health Checks: Configure health checks to monitor the availability of your EC2 instances and ensure traffic is only routed to healthy instances.

Hope this is helpful. Please accept as answer if it helps.