Why you need to specify subnets in Application Load Balancer?

Time:10-23

I'll start with describing the architecture of Application Load Balancer:

We have the Application Load Balancer, which contains a list of one or more listeners. Each listener is associated with one specific port and protocol, so that traffic incoming to the load balancer on this port will be handled by this listener. Then, each listener holds a list of rules. A rule specifies conditions and actions - basically where to route traffic to. A listener also must have a default action which will be taken if no other condition is met. Usually, this action will be to route traffic to a specific target group.

A target group is a group of either EC2 instances, IP addresses, other Application Load Balancer, or Lambda function.

Furthermore, when you create an Application Load Balancer, it asks you to specify a VPC and a list of 2 or more Availability Zones, and for each to specify a subnet.

My question now is: Why does AWS ask you to specify this? As far as I understand, the target groups and the registered targets are where you specify the backend of the load balancer, so why do we need to specify the subnets in the ALB configuration?
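To make the architecture in the question concrete, here is an added Terraform example (not from the original post or from AWS): an Application Load Balancer placed in two subnets in two Availability Zones, one HTTPS listener whose default action forwards to a "web" target group, and one rule that routes /api/* to a second target group. The VPC ID, subnet IDs, VPC CIDR, certificate ARN and resource names are placeholders/assumptions; the security groups show the point made in the answers below that the ALB's own network interfaces live in the subnets you list and can be locked down separately from the targets.

```hcl
# Added example, not the original poster's code. All IDs and CIDRs below are
# placeholders; substitute your own. Subnets must be in at least two AZs.
variable "vpc_id"   { default = "vpc-EXAMPLE" }                           # placeholder
variable "vpc_cidr" { default = "10.0.0.0/16" }                           # assumed VPC CIDR
variable "alb_subnets" {
  default = ["subnet-az-a-EXAMPLE", "subnet-az-b-EXAMPLE"]                # one per AZ, placeholders
}

# Security group attached to the ALB's network interfaces (one ENI per subnet).
# Only HTTPS from the internet in; egress restricted to the VPC so the load
# balancer can reach targets but nothing outside.
resource "aws_security_group" "alb" {
  name   = "example-alb-sg"
  vpc_id = var.vpc_id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = [var.vpc_cidr]
  }
}

# Security group for the backend instances: accept traffic only from the ALB's
# security group, i.e. only from the ENIs created in the subnets above.
resource "aws_security_group" "targets" {
  name   = "example-targets-sg"
  vpc_id = var.vpc_id

  ingress {
    from_port       = 8080
    to_port         = 8080
    protocol        = "tcp"
    security_groups = [aws_security_group.alb.id]
  }
}

# The load balancer itself. "subnets" is where AWS creates the ALB's ENIs
# and therefore which IP ranges the ALB will have addresses in.
resource "aws_lb" "web" {
  name                       = "example-alb"
  internal                   = false
  load_balancer_type         = "application"
  security_groups            = [aws_security_group.alb.id]
  subnets                    = var.alb_subnets
  drop_invalid_header_fields = true
}

# Target groups describe the backend; they are independent of the ALB subnets.
resource "aws_lb_target_group" "web" {
  name        = "example-web-tg"
  port        = 8080
  protocol    = "HTTP"
  target_type = "instance"
  vpc_id      = var.vpc_id

  health_check {
    path = "/healthz"
  }
}

resource "aws_lb_target_group" "api" {
  name        = "example-api-tg"
  port        = 8080
  protocol    = "HTTP"
  target_type = "instance"
  vpc_id      = var.vpc_id

  health_check {
    path = "/api/health"
  }
}

# One listener: port 443 + HTTPS. Default action forwards to the web group.
resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.web.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = "arn:aws:acm:REGION:ACCOUNT:certificate/EXAMPLE"  # placeholder

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.web.arn
  }
}

# A rule on that listener: condition (path matches /api/*) and action (forward).
resource "aws_lb_listener_rule" "api" {
  listener_arn = aws_lb_listener.https.arn
  priority     = 10

  action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.api.arn
  }

  condition {
    path_pattern {
      values = ["/api/*"]
    }
  }
}
```

After applying, the network interfaces the ALB created can be listed with the EC2 console or `aws ec2 describe-network-interfaces`, filtered on the interface description (AWS describes them as "ELB app/<load balancer name>/<id>"); you will see exactly one per subnet passed in `subnets`, each with an address from that subnet's range and the `alb` security group attached.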

CodePudding user response:

When you need an ALB you must assign an IP address to it. A subnet is nothing more than a range of IP addresses. By placing an ALB inside a subnet, you define which range of IP addresses you desire to be assigned to this resource. Moreover, these subnets allow you to configure different security layers regarding the resources inside the subnet for traffic management.

Your target group is located in another subnet with a different range, whereas you can place your ALB in another subnet with a different range.

CodePudding user response:

why do we need to specify the subnets in the ALB configuration?

Because the load balancer itself requires physical network interfaces, which are created in the subnets you specify (one network interface per subnet).
