few domains in private subnet behind single alb with ssl

Question

i want to have few domains for ec2 instances with ssl behind alb, 2 of them in private zone,. i have pretty simple config but have no idea how to resolve this What i have:

1 ec2 instance for Frontend app with nginx frontend.example.com
1 ec2 instance for Backend app backend backend.example.com
1 ec2 instance for Frontend DEV with nginx frontend.devexample.com
1 ec2 instance for Backend app backend backend.devexample.com

all instances are in 1 vpc 1 ALB for ssl (with few certs for domains) route53 for domains

at present moment, all 4 instance are in public zone, so domains as aliases point to alb, alb terminates SSL for all domains, alb based on hosts redirects to each instance

what i want: hide backend instances in private zone, but still i want to have access with domain name and still with ssl

as i see this for now: domains through Route 53 point to ALB ALB points to 2 vpc each vpc has front in public subnet and back in private subnet

but in this case i can't write rules for alb to point to host, because it should point to vpc. please help me, any suggestion will be really appreciated.

Answer 1

It is quite common to use separate VPCs for Development and Production. This ensures that the two systems do not impact each other.

The typical configuration is:

• A Load Balancer in the public subnet(s)
• EC2 instances in the private subnet(s)

Normally, a Load Balancer is used to distribute traffic to multiple EC2 instances. If you only have one Front-end instance, then you do not really need a Load Balancer.