Home/ Questions/Q 8157477
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-06T17:17:54+00:00

Does anyone know how AWS ELB with SSL work behind the scenes? Running an

  • 0

Does anyone know how AWS ELB with SSL work behind the scenes? Running an nslookup on my ELB’s domain name I get 4 unique IP addresses. If my ELB is SSL enabled, is it possible for AWS to share these same IPs with other SSL enabled ELBs (not necessarily owned by me)?

As I understand it the hostname in a web request is inside of the encrypted web request for a https request. If this is the case, does AWS have to give each SSL-enabled ELB unique IP addresses that are never shared with anyone else’s SSL ELB instance? Put another way — does AWS give 4 unique IP addresses for every SSL ELB you’ve requested?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Does anyone know how AWS ELB with SSL work behind the scenes? […] Put another way —
    does AWS give 4 unique IP addresses for every SSL ELB you’ve
    requested?

    Elastic Load Balancing (ELB) employs a scalable architecture in itself, meaning the number of unique IP addresses assigned to your ELB does in fact vary depending on the capacity needs and respective scaling activities of your ELB, see section Scaling Elastic Load Balancers within Best Practices in Evaluating Elastic Load Balancing (which provides a pretty detailed explanation of the Architecture of the Elastic Load Balancing Service and How It Works):

    The controller will also monitor the load balancers and manage the
    capacity […]. It increases
    capacity by utilizing either larger resources (resources with higher
    performance characteristics) or more individual resources. The Elastic
    Load Balancing service will update the Domain Name System (DNS) record
    of the load balancer when it scales so that the new resources have
    their respective IP addresses registered in DNS    . The DNS record that
    is created includes a Time-to-Live (TTL) setting of 60 seconds,[…]. By default, Elastic Load Balancing will return multiple IP
    addresses when clients perform a DNS resolution, with the records
    being randomly ordered […]. As the traffic
    profile changes, the controller service will scale the load balancers
    to handle more requests, scaling equally in all Availability Zones.     [emphasis mine]

    This is further detailed in section DNS Resolution, including an important tip for load testing an ELB setup:

    When Elastic Load Balancing scales, it updates the DNS record with the
    new list of IP addresses. […] It is critical that you factor this
    changing DNS record into your tests    . If you do not ensure that DNS is
    re-resolved or use multiple test clients to simulate increased load,
    the test may continue to hit a single IP address when Elastic Load
    Balancing has actually allocated many more IP addresses. [emphasis mine]

    The entire topic is explored in much more detail within Shlomo Swidler’s excellent analysis The “Elastic” in “Elastic Load Balancing”: ELB Elasticity and How to Test it, which meanwhile refers to the aforementioned Best Practices in Evaluating Elastic Load Balancing by AWS as well, basically confirming his analysis but lacking the illustrative step by step samples Shlomo provides.

    • 0