Application Load Balancer in front of Network Load Balancer

Question

I have a VPC with a public and a private subnet. I want my auto scaling applications to live in the private subnet, so I'll need to access them via a load balancer in the public subnet. These applications also need to talk to each other internally.

I'm trying to use Elastic Beanstalk to create an internal network load balancer in my private subnet, which is pointing to my applications in the private subnet. Then I have manually created a public application load balancer in my public subnet. But it seems that my application load balancer is struggling to route to my network load balancer.

Is this a reasonable set up? I've seen lots of examples of a public facing network load balancing which is pointing to an internal application load balancer, but not the other way around. I've been able to get that to work but I can't redirect http to https at the network load balancer which is why I'd prefer it the other way around. If nothing else I'm thinking to have CloudFront in front of a public, network load balancer in front of a private network load balancer, and then handle the TLS and redirect from CloudFront instead.

Thanks

Answer 1

Is this a reasonable set up? I've seen lots of examples of a public facing network load balancing which is pointing to an internal application load balancer, but not the other way around.

Unfortunately no, that is not a reasonable setup, because it is not supported by AWS. An application load balancer can not forward traffic to another load balancer.

It's unclear from your description why you need a load balancer pointing at another load balancer at all. Your backend service can belong to multiple target groups, so multiple load balancers can forward traffic directly to your service. In other words, the public load balancer can forward traffic directly to your private services, without going through the private load balancer.