diff --git a/ecs/awsResources.go b/ecs/awsResources.go
index 71d9d477e..c52b5cf5e 100644
--- a/ecs/awsResources.go
+++ b/ecs/awsResources.go
@@ -421,15 +421,15 @@ func (b *ecsAPIService) ensureVolumes(r *awsResources, project *types.Project, t
 return nil
 }

-func (b *ecsAPIService) ensureLoadBalancer(r *awsResources, project *types.Project, template *cloudformation.Template) {
+func (b *ecsAPIService) ensureLoadBalancer(r *awsResources, project *types.Project, template *cloudformation.Template) error {
 if r.loadBalancer != nil {
- return
+ return nil
 }
 if allServices(project.Services, func(it types.ServiceConfig) bool {
 return len(it.Ports) == 0
 }) {
 logrus.Debug("Application does not expose any public port, so no need for a LoadBalancer")
- return
+ return nil
 }

 balancerType := getRequiredLoadBalancerType(project)
@@ -450,10 +450,21 @@ func (b *ecsAPIService) ensureLoadBalancer(r *awsResources, project *types.Proje
 })
 }

+ var publicSubNetIDs []string
+ for _, subNetID := range r.subnetsIDs() {
+ isPublic, err := b.aws.IsPublicSubnet(context.Background(), subNetID)
+ if err != nil {
+ return err
+ }
+ if isPublic {
+ publicSubNetIDs = append(publicSubNetIDs, subNetID)
+ }
+ }
+
 template.Resources["LoadBalancer"] = &elasticloadbalancingv2.LoadBalancer{
 Scheme: elbv2.LoadBalancerSchemeEnumInternetFacing,
 SecurityGroups: securityGroups,
- Subnets: r.subnetsIDs(),
+ Subnets: publicSubNetIDs,
 Tags: projectTags(project),
 Type: balancerType,
 LoadBalancerAttributes: loadBalancerAttributes,
@@ -463,6 +474,7 @@ func (b *ecsAPIService) ensureLoadBalancer(r *awsResources, project *types.Proje
 nameProperty: "LoadBalancerName",
 }
 r.loadBalancerType = balancerType
+ return nil
 }

 func (r *awsResources) getLoadBalancerSecurityGroups(project *types.Project) []string {
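Review bot: `ensureLoadBalancer` gains an `error` result in the first hunk, but no call site is updated in the diff as shown here. A bare call statement still compiles in Go, so a failure from the new subnet lookup would be silently discarded unless the caller becomes `if err := b.ensureLoadBalancer(r, project, template); err != nil { return err }`. The caller lies outside these hunks, so this needs checking against the full commit. A doc comment such as `// ensureLoadBalancer adds an internet-facing load balancer on the project's public subnets to the template, unless one already exists or no service publishes a port.` would also record the new contract.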
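Review bot: After the filter loop in the second hunk, `publicSubNetIDs` may be empty and is still written into the internet-facing `LoadBalancer` resource, so the problem would surface only later as a stack-creation failure. A guard right after the loop, e.g. `if len(publicSubNetIDs) == 0 { return fmt.Errorf("no public subnet found among %v for the load balancer", r.subnetsIDs()) }`, reports it at conversion time. The plain `return err` loses which subnet failed; `return fmt.Errorf("checking whether subnet %s is public: %w", subNetID, err)` keeps that context. The per-subnet `IsPublicSubnet` calls use `context.Background()`, so the caller cannot cancel or time-bound them; accepting a `ctx` would fix that, but the signature is shared with code outside this hunk. How `IsPublicSubnet` decides that a subnet is public is not visible here and is worth confirming, since it now determines where the public endpoint is placed.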