Tags: amazon-web-services, amazon-ec2, haproxy, amazon-elb, tunneling

Using AWS Load Balancer as a Tunneling Proxy


I have ETL servers in a private subnet in my VPC on AWS. These ETL servers are locked down with specific outbound rules per approved outbound IP addresses. I have a service these ETL tools need to communicate with outside the VPC using TLS1.2/443 that uses a DNS name and not an IP address. Let's say "account.service.com". For this reason, it was suggested I consider using an elastic load balancer in the public subnet as a proxy.

If I send requests to the ELB private IP address from the ETL instance, how do I tell the ELB to send those requests on to "account.service.com"?

Essentially, I want the ELB to work as a tunneling proxy, since I can't specify "account.service.com" in my outbound security group rules in the private subnet.


Solution

This is not possible.

Elastic Load Balancers can only send traffic to Amazon EC2 instances, and those instances need to be in the same VPC as the Load Balancer.

You would need to use some other technology (e.g. Squid proxy) in your Public Subnet to send traffic to a non-EC2 destination.
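What the suggested forward proxy actually does, as an added example that is not part of the original question or answer: the ETL host sends `CONNECT account.service.com:443` to the proxy, the proxy resolves the name, checks it against a destination allowlist, opens the TCP connection and then relays bytes in both directions. TLS is still negotiated end to end between the ETL client and `account.service.com`, so the proxy never sees plaintext and the client still validates the server certificate. In Squid the same policy is expressed with `acl allowed_dst dstdomain account.service.com`, `acl SSL_ports port 443` and `http_access allow CONNECT allowed_dst SSL_ports` (followed by `http_access deny all`). The listen port, the allowlisted destination and the 30-second idle timeout below are assumptions chosen for illustration.

```python
"""Minimal HTTP CONNECT tunnelling proxy with a destination allowlist.

Added illustration (not code from the original post): it models what a
Squid-style proxy in the public subnet would do for the ETL hosts.
"""
import select
import socket
import threading

# Only these (DNS name, port) pairs may be tunnelled; everything else is refused.
# The destination name is taken from the question and is an assumption.
ALLOWED_DESTINATIONS = {("account.service.com", 443)}
IDLE_TIMEOUT_SECONDS = 30  # assumed value; tune for the ETL job's traffic pattern


def parse_connect_request(head: bytes):
    """Return (host, port) from a CONNECT request head, or None if it is malformed."""
    try:
        request_line = head.split(b"\r\n", 1)[0].decode("ascii")
        method, target, version = request_line.split(" ")
    except (UnicodeDecodeError, ValueError):
        return None
    if method != "CONNECT" or not version.startswith("HTTP/1."):
        return None
    host, sep, port = target.rpartition(":")
    if not sep or not port.isdigit():
        return None
    # Normalise case and a trailing dot so the allowlist comparison is exact.
    return host.lower().rstrip("."), int(port)


def is_allowed(host: str, port: int) -> bool:
    """Policy check: exact-name allowlist, no wildcards, no IP literals."""
    return (host, port) in ALLOWED_DESTINATIONS


def relay(a: socket.socket, b: socket.socket) -> None:
    """Copy bytes in both directions until either side closes or goes idle."""
    while True:
        readable, _, _ = select.select([a, b], [], [], IDLE_TIMEOUT_SECONDS)
        if not readable:
            return  # idle for too long; drop the tunnel
        for s in readable:
            data = s.recv(65536)
            if not data:
                return  # one side closed; caller closes both sockets
            (b if s is a else a).sendall(data)


def handle_client(client: socket.socket) -> None:
    """Read one CONNECT request, enforce policy, then tunnel."""
    try:
        head = b""
        while b"\r\n\r\n" not in head and len(head) < 8192:
            chunk = client.recv(4096)
            if not chunk:
                return
            head += chunk
        parsed = parse_connect_request(head)
        if parsed is None:
            client.sendall(b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n")
            return
        host, port = parsed
        if not is_allowed(host, port):
            client.sendall(b"HTTP/1.1 403 Forbidden\r\nConnection: close\r\n\r\n")
            return
        # The proxy resolves the name; the ETL host's security group only needs
        # an outbound rule to the proxy's private IP, never to the service's IPs.
        upstream = socket.create_connection((host, port), timeout=10)
        with upstream:
            upstream.settimeout(None)
            client.sendall(b"HTTP/1.1 200 Connection Established\r\n\r\n")
            leftover = head.split(b"\r\n\r\n", 1)[1]
            if leftover:  # bytes a client pipelined after its headers
                upstream.sendall(leftover)
            relay(client, upstream)
    except OSError:
        pass
    finally:
        client.close()


def serve(listen_addr=("0.0.0.0", 3128)) -> None:
    """Accept clients on the proxy's private address (port is an assumption)."""
    with socket.create_server(listen_addr) as srv:
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle_client, args=(conn,), daemon=True).start()


if __name__ == "__main__":
    serve()
```

With this in place the ETL instances point their HTTPS client at the proxy (for example `HTTPS_PROXY=http://<proxy-private-ip>:3128`), their security group needs only an outbound rule to that private IP on 3128, and the proxy's security group allows inbound 3128 from the private subnet and outbound 443 only. Note that Squid's `dstdomain` ACL, like the allowlist above, matches the name the client asked for in the CONNECT line, so the control is on the requested hostname, not on the resolved address.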