Deploying Elastic Load Balancing in Amazon VPC

Amazon Virtual Private Cloud (VPC) lets you define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud.

You can define subnets within your Amazon VPC so that you can group similar kinds of instances based on their IP address range. To load balance your EC2 instances in Amazon VPC you can register the load balancers in multiple Availability Zones by specifying one subnet in each Availability Zone to attach the load balancer to. Because a subnet is created for an Availability Zone, specifying the subnet to attach your load balancer to also ensures that the load balancer is configured to listen to requests in the corresponding Availability Zone. You have complete control of this virtual network, and you can use advanced security features and network access control at the instance level and subnet level.

For more information on Amazon VPC, go to Amazon Virtual Private Cloud User Guide. For information on Amazon VPC subnets, go to Your VPC and Subnets.

When you attach your load balancer to a subnet, you are defining the subnet that traffic should enter through in order to forward the request to registered instances. The registered instances do not need to be in the same subnet that you attach to the load balancer. In order to ensure that your load balancer can scale properly, the subnet that you attach the load balancer to should be at least a /25 CIDR block and should have enough free IP addresses to scale.

Elastic Load Balancing on Amazon VPC works mostly in a similar manner as in Amazon EC2 and supports the same set of features. There is however a significant difference between the way the security groups function on Amazon VPC and Amazon EC2. Within Amazon VPC, you have complete control over the security groups assigned to your load balancer. Unlike in EC2, your load balancer is not a member of a security group that is automatically created; it is only a member of the security groups that you specify. Having complete control over the security groups allows you to choose the ports and protocols to accept. For example, in VPC you can open Internet Control Message Protocol (ICMP) connections for the load balancer to respond to ping requests (however, ping requests will not be forwarded to any registered instances).

	Note
	IPv6 support is not currently available for load balancers in Amazon VPC.

	Note
	Dedicated tenancy VPCs are not currently supported by Elastic Load Balancing.

This section walks you through the process of creating, accessing, and managing your load balancers on Amazon VPC.