
NLB with public subnet configured, but scheme is internal - does this make any sense in security?


Does it make any sense to have an AWS NLB configured with public subnets, but also configure the scheme to be internal?

NLB with public subnet means that it can receive requests from public internet directly.

However, an "internal" NLB is used within a private network and is not accessible from the internet. It has a DNS name that resolves to private IP addresses.

So, if I configure my NLB with

  1. public subnet

  2. scheme "Internal"

It means that NLB is still accessible from public internet, but hackers cannot use the DNS name of the NLB to access it.

If somehow hackers know the public IP address of the NLB, they can still DDoS attack the NLB.

Am I right?

Is there any way that the NLB's public IP address gets known by hackers?


Solution

    > So, if I configure my NLB with
    >
    >   1. public subnet
    >
    >   2. scheme "Internal"
    >
    > It means that NLB is still accessible from public internet, but hackers cannot use the DNS name of the NLB to access it.

    No, you have this wrong. It does not mean that it is accessible from the Internet. An NLB with internal scheme will not be assigned a public IP address, regardless of what type of subnet it is deployed into. It will only have private IP addresses assigned to it from the VPC's CIDR block. There is no way for anything outside of the VPC to access an NLB with an internal scheme.

    A public subnet is simply a subnet with a route to an Internet Gateway. Anything in a public subnet can have a public IP address directly assigned to it and be made available on the Internet. However, that is not a requirement of all resources in a public subnet, and you can absolutely have resources in a public subnet that do not have a public IP assigned to them.

    It doesn't really make much sense to place an internal NLB in a public subnet, you might as well place it in private or isolated subnets.

    If you want your NLB to be accessible from the Internet in any way, it has to have the public scheme (so that public IPs will be assigned to it), and it has to be in public subnets (so that it has a direct network route to the Internet).
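The two conditions the answer names (scheme decides whether public IPs are assigned; the subnet's route table decides whether there is a path to an Internet Gateway) can be checked mechanically. The script below is an added example, not code from the answer or from AWS: it takes dictionaries shaped like the output of `aws elbv2 describe-load-balancers` and `aws ec2 describe-route-tables` (the sample data is constructed, including the subnet, IGW and allocation IDs) and classifies each NLB as Internet-reachable, private-only, or private-only but misplaced in a public subnet. With real accounts you would feed it the live API responses instead of the constructed samples.

```python
"""Audit NLB reachability from scheme + subnet routing (constructed sample data).

Mirrors the answer's point: an internal-scheme NLB gets only private IPs and is
never reachable from the Internet, whatever subnet it sits in; a public subnet
is just one whose route table sends 0.0.0.0/0 to an Internet Gateway.
"""

# Constructed sample shaped like `aws ec2 describe-route-tables` output.
ROUTE_TABLES = {
    "RouteTables": [
        {
            "RouteTableId": "rtb-public-EXAMPLE",
            "Associations": [{"SubnetId": "subnet-pub-a"}, {"SubnetId": "subnet-pub-b"}],
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE"},
            ],
        },
        {
            "RouteTableId": "rtb-private-EXAMPLE",
            "Associations": [{"SubnetId": "subnet-priv-a"}],
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                # Egress via NAT only: no inbound path from the Internet.
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE"},
            ],
        },
    ]
}

# Constructed sample shaped like `aws elbv2 describe-load-balancers` output.
# Note the internal NLBs carry only PrivateIPv4Address, never IpAddress/AllocationId.
LOAD_BALANCERS = {
    "LoadBalancers": [
        {"LoadBalancerName": "nlb-internal-in-public", "Type": "network", "Scheme": "internal",
         "AvailabilityZones": [{"SubnetId": "subnet-pub-a",
                                "LoadBalancerAddresses": [{"PrivateIPv4Address": "10.0.1.10"}]}]},
        {"LoadBalancerName": "nlb-public", "Type": "network", "Scheme": "internet-facing",
         "AvailabilityZones": [{"SubnetId": "subnet-pub-b",
                                "LoadBalancerAddresses": [{"IpAddress": "203.0.113.10",
                                                           "AllocationId": "eipalloc-EXAMPLE",
                                                           "PrivateIPv4Address": "10.0.2.10"}]}]},
        {"LoadBalancerName": "nlb-internal-private", "Type": "network", "Scheme": "internal",
         "AvailabilityZones": [{"SubnetId": "subnet-priv-a",
                                "LoadBalancerAddresses": [{"PrivateIPv4Address": "10.0.3.10"}]}]},
    ]
}


def public_subnet_ids(route_tables):
    """Subnets whose route table has a default route pointing at an Internet Gateway."""
    public = set()
    for rt in route_tables["RouteTables"]:
        igw_default = any(
            r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("GatewayId", "").startswith("igw-")
            for r in rt["Routes"]
        )
        if igw_default:
            public.update(a["SubnetId"] for a in rt["Associations"] if "SubnetId" in a)
    return public


def classify(lb, public_subnets):
    """Return (verdict, public_ips) for one load balancer description."""
    in_public = any(az["SubnetId"] in public_subnets for az in lb["AvailabilityZones"])
    public_ips = [addr["IpAddress"]
                  for az in lb["AvailabilityZones"]
                  for addr in az.get("LoadBalancerAddresses", [])
                  if "IpAddress" in addr]
    if lb["Scheme"] == "internal":
        # Private IPs only; the subnet type cannot make it Internet-reachable.
        verdict = "private-only (misplaced in public subnet)" if in_public else "private-only"
    elif in_public:
        verdict = "internet-reachable"
    else:
        verdict = "internet-facing scheme but no Internet Gateway route"
    return verdict, public_ips


def audit(load_balancers=LOAD_BALANCERS, route_tables=ROUTE_TABLES):
    """Map load balancer name -> verdict for every NLB in the response."""
    public = public_subnet_ids(route_tables)
    return {lb["LoadBalancerName"]: classify(lb, public)[0]
            for lb in load_balancers["LoadBalancers"] if lb["Type"] == "network"}


if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name}: {verdict}")
```

The "misplaced" verdict is the situation the question describes: nothing is exposed, but the internal NLB is consuming addresses in a subnet that exists for Internet-facing resources, so moving it to private subnets is the tidy fix.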