The goal: assign Elastic/static IPs to a Load Balancer (LB) to serve EC2 instances that process DNS (port 53), HTTPS (port 443), and HTTP (port 80).
Static IPs are needed to correctly configure DNS records (namely A records). TLS termination on the backend/server is needed to serve an unlimited and ever-changing number of SSL certificates, hence avoiding Amazon Certificate Manager (ACM), as it has limits.
A Classic Load Balancer would allow custom security rules and permit SSL termination on the EC2 instances. The problem is that static IPs cannot be assigned to a Classic LB, only to individual instances within it, which doesn't balance the load.
To have static IPs assigned, we could use an Application Load Balancer (ALB) with Global Accelerator or a Network Load Balancer (NLB), but they both force TLS termination and prevent the instances from serving SSL certs.
Am I missing a slice? I don't even want to eat the cake, I want to share it around. Does anyone have a solution?