4

We have an environment set up in AWS and would like to have an ALB with targets in only one AZ and that only appears on IP addresses in the same AZ. This is required because of some routing rules that we need to ensure that traffic out of one ALB/AZ always hits a particular firewall.

We have tried having targets only in one AZ and this seems to work with NLBs but not ALBs.

Is it possible to have an ALB with targets in one AZ and with a DNS name that only resolves to IP address(es) in the same AZ?

theduck
  • 213

2 Answers

4

In short, no: If you take a look at the API documentation for CreateLoadBalancer, it states for the request parameter SubnetMappings.member.N:

[Application Load Balancers] You must specify subnets from at least two Availability Zones. You cannot specify Elastic IP addresses for your subnets.

and for Subnets.member.N:

[Application Load Balancers] You must specify subnets from at least two Availability Zones.

However, it may be possible for you to add an additional subnet to your VPC which is not used for anything and is maybe exempt from this rule. That depends on your particular goal for your routing/firewall decision.

M. Glatki
  • 2,164
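A pre-flight check for the constraint quoted above, as an added example that is not part of the original answer: it applies the documented per-type AZ minimum to a planned subnet set and reports which AZs the load balancer would get nodes (and therefore resolvable IP addresses) in. Subnet IDs, AZ names and CIDRs are constructed; the one-subnet-per-AZ rule comes from the same CreateLoadBalancer documentation.

```python
from collections import defaultdict

# Constructed stand-in for DescribeSubnets output (not real subnet IDs).
SUBNETS = {
    "subnet-aaa111": {"az": "eu-west-1a", "cidr": "10.0.1.0/24"},
    "subnet-bbb222": {"az": "eu-west-1b", "cidr": "10.0.2.0/24"},
    "subnet-ccc333": {"az": "eu-west-1a", "cidr": "10.0.3.0/24"},
}

# Minimum number of AZs CreateLoadBalancer documents per load balancer type:
# an NLB may live in a single AZ, an ALB must span at least two.
MIN_AZS = {"application": 2, "network": 1}


def preflight(lb_type, lb_subnet_ids, target_azs, subnets=SUBNETS):
    """Evaluate a planned CreateLoadBalancer call before it is made.

    Returns a dict with:
      ok        - whether the API would accept this subnet set
      problems  - human-readable reasons when it would not
      node_azs  - AZs in which the load balancer gets a node, i.e. the AZs
                  whose IP addresses its DNS name can resolve to
      stray_azs - node AZs that contain no targets; traffic entering the
                  load balancer there does not stay in the target AZ, which
                  is the situation the question is trying to rule out
    """
    az_of = {sid: subnets[sid]["az"] for sid in lb_subnet_ids}
    node_azs = sorted(set(az_of.values()))
    problems = []

    if len(node_azs) < MIN_AZS[lb_type]:
        problems.append(
            f"{lb_type} load balancer needs subnets in at least "
            f"{MIN_AZS[lb_type]} AZ(s), got {len(node_azs)}"
        )

    # The API allows only one subnet per AZ, so two subnets in the same AZ
    # cannot be used to satisfy the minimum.
    per_az = defaultdict(list)
    for sid, az in az_of.items():
        per_az[az].append(sid)
    for az, ids in sorted(per_az.items()):
        if len(ids) > 1:
            problems.append(f"more than one subnet in {az}: {sorted(ids)}")

    stray_azs = sorted(set(node_azs) - set(target_azs))
    return {"ok": not problems, "problems": problems,
            "node_azs": node_azs, "stray_azs": stray_azs}
```

Running `preflight("application", ["subnet-aaa111", "subnet-bbb222"], ["eu-west-1a"])` passes the API check but reports `eu-west-1b` as a stray AZ, which is exactly the outcome the question wants to avoid.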
1

Although it is kind of deprecated, you can use a Classic Load Balancer; this one can scale and work fine in a single AZ on layer 7. It also supports layer 4 load balancing (the only load balancer type in AWS which supports that), so it can also have additional advantages.

That is probably why it was not fully deprecated in AWS.

vojtmen
  • 11