AWS ALB resolves to 2 IPs. What are they?

Solution 1:

ALB is a middle man between your users and your servers. The users connect to the ALB on ALB’s public IP addresses and the ALB then connects to your ECS servers over the private IPs.

The IP addresses you see when you resolve the ALB hostname are the Public IPs. That's what your users need to connect to to use your service and that's what ultimately must be resolved by your domain name (say demo.example.com).

However, do not put the actual IPs that you resolved into your demo.example.com DNS record!! The ALB IPs will change over time based on load and other factors!

The correct way is to create a CNAME record pointing to the ALB hostname. AWS automatically updates the IPs in the ALB DNS record whenever they change, and because your demo.example.com only refers to the ALB hostname and not to the actual ALB IP addresses, everything will work as expected.


So what you need is to create:

demo.example.com. CNAME your-alb-abcdefgh.us-east-1.elb.amazonaws.com.

Then, when your users try to resolve demo.example.com, they will get an answer that says "I don't know the IPs, resolve your-alb-abcdefgh.us-east-1.elb.amazonaws.com instead." Resolving your-alb-...elb.amazonaws.com will then return the current valid ALB IP addresses.


I know it may be a bit confusing if you only have limited experience with DNS. Feel free to ask for clarification :)


Update: You see 2 external IPs because an ALB must be in at least 2 different subnets for high availability. You selected the subnets when you created the ALB:

ALB Availability Zones

You can select more Availability Zones / Subnets, in which case you'll have more Public IPs. But 2 is a minimum.

Hope that helps :)
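A small audit for the exact pitfall described in the answer above, added here as an example and not part of the original post: it reads the answer section that `dig +noall +answer demo.example.com` prints and flags literal A records at your own name, a missing or non-ELB CNAME, or an ALB hostname that currently resolves to fewer than two addresses. The sample input is constructed, with made-up hostnames and documentation-range IPs.

```python
from dataclasses import dataclass

ELB_SUFFIX = ".elb.amazonaws.com."  # ALB hostnames end with this


@dataclass(frozen=True)
class RR:
    name: str
    rtype: str
    rdata: str


def parse_dig_answer(text: str) -> list[RR]:
    """Parse dig answer lines: NAME TTL CLASS TYPE RDATA (TTL/CLASS are ignored)."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0].startswith(";"):
            continue  # skip blank lines and dig comment lines
        records.append(RR(parts[0].lower(), parts[3].upper(), " ".join(parts[4:])))
    return records


def audit_alb_dns(name: str, records: list[RR]) -> list[str]:
    """Return findings for NAME; an empty list means the record set looks right."""
    name = name.lower().rstrip(".") + "."
    by_name: dict[str, list[RR]] = {}
    for rr in records:
        by_name.setdefault(rr.name, []).append(rr)
    own = by_name.get(name, [])
    findings = []
    literal_a = [rr.rdata for rr in own if rr.rtype == "A"]
    if literal_a:  # the mistake the answer warns about: hard-coded ALB IPs
        findings.append(f"{name} has literal A records {literal_a}; ALB IPs change, use a CNAME")
    cnames = [rr.rdata.lower() for rr in own if rr.rtype == "CNAME"]
    if not cnames:
        findings.append(f"{name} has no CNAME")
        return findings
    target = cnames[0]
    if not target.endswith(ELB_SUFFIX):
        findings.append(f"CNAME target {target} is not an ELB hostname")
    ips = [rr.rdata for rr in by_name.get(target, []) if rr.rtype == "A"]
    if len(ips) < 2:  # an ALB spans at least 2 subnets, so expect at least 2 public IPs
        findings.append(f"{target} resolves to {len(ips)} address(es); expected >= 2")
    return findings


# Constructed samples in the format `dig +noall +answer` prints (hostnames/IPs made up).
SAMPLE_GOOD = """\
demo.example.com.  300 IN CNAME your-alb-abcdefgh.us-east-1.elb.amazonaws.com.
your-alb-abcdefgh.us-east-1.elb.amazonaws.com. 60 IN A 203.0.113.10
your-alb-abcdefgh.us-east-1.elb.amazonaws.com. 60 IN A 203.0.113.11
"""
SAMPLE_BAD = """\
demo.example.com.  300 IN A 203.0.113.10
demo.example.com.  300 IN A 203.0.113.11
"""
```

Paste the real output of `dig +noall +answer demo.example.com` in place of the samples; the ALB's own A records appear in the same answer section, so one query is enough.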