External

• https://aws.amazon.com/premiumsupport/knowledge-center/public-load-balancer-private-ec2/
• https://aws.amazon.com/blogs/networking-and-content-delivery/how-to-securely-publish-internet-applications-at-scale-using-application-load-balancer-and-aws-privatelink/

Internal

• AWS Elastic Load Balancing Concepts
• AWS Elastic Load Balancing Operations

Overview

• It needs at least two public subnets in two availability zones, otherwise ..... This is how you declare public subnets ...

• Declare the ALB by mapping the public subnets as such.

• A full stack that exemplifies this: ....

This must be researched, because of "You can specify either subnets or subnet mappings, not both (Service: AmazonElasticLoadBalancingV2; Status Code: 400; Error Code: ValidationError; Request ID: b2aabbb6-6b75-11e9-9307-b1a4f8a4d3a4)"

Subnet mapping becomes relevant when the load balancer is "internet facing", and it has to be configured to handle traffic from the internet. While "Subnets" configuration specifies subnets for targets, "SubnetMappings" configuration specifies the public subnets the internet packets are routed from. Note that simply declaring a load balancer "internet-facing" does not automatically make it publicly accessible. The load balancer must be associated with at least two public subnets, in two different availability zones. This is what Subnet Mappings is for.

For application load balancers, subnets from at lest two availability zones must be specified. Specific Elastic IP addresses cannot be used - because the application load balancer may use different dynamically allocated IP addresses during its life time. For network load balancers, subnets from one or more availability zones can be specified. A specific Elastic IP addresses can be specified, by its allocation ID.