AWS Elastic Load Balancing Operations: Difference between revisions

From NovaOrdis Knowledge Base
 
(14 intermediate revisions by the same user not shown)
Line 5: Line 5:
* [[AWS Elastic Load Balancing#Subjects|AWS Elastic Load Balancing]]
* [[AWS Elastic Load Balancing#Subjects|AWS Elastic Load Balancing]]


=Elastic Load Balancing V2 Deployment with CloudFormation=
=Load Balancer Operations=


{{Internal|AWS Elastic Load Balancing V2 Deployment with CloudFormation|Elastic Load Balancing V2 Deployment with CloudFormation}}
==Describe Load Balancers==


=<span id='Create_a_Network_Load_Balancer'></span>Create a Network Load Balancer with Amazon Console=
aws [--region ca-central-1 ...] elbv2 describe-load-balancers


{{Note|This network load balancer was created to service ECS FARGATE containers. It must be created '''before''' the [[Amazon_ECS_Operations#Load_Balancing|corresponding FARGATE service is defined]].}}
==Elastic Load Balancing V2 Deployment with CloudFormation==


Go to Amazon EC2 console -> Load Balancers -> Create Load Balancer -> Network Load Balancer.
{{Internal|AWS Elastic Load Balancing V2 Deployment with CloudFormation|Elastic Load Balancing V2 Deployment with CloudFormation}}


==Basic Configuration==
==Create a Network Load Balancer==


Name. For more details about load balancer names, see: {{Internal|AWS_Elastic_Load_Balancing_Concepts#Load_Balancer_Name|Name}}
* [[AWS Elastic Load Balancing Operations Create a Network Load Balancer with Amazon Console|Create a Network Load Balancer with Amazon Console]]


It should not start with "internal-...".
==Test a Network Load Balancer==


Example: "playground-nlb"
curl http&#58;//playground-nlb-85d74951c7b728b3.elb.us-west-2.amazonaws.com:10001/amazons


Scheme. For more details about load balancer scheme, see: {{Internal|AWS_Elastic_Load_Balancing_Concepts#Load_Balancer_Scheme|Scheme}}
==Create an Application Load Balancer==
* [[AWS_Elastic_Load_Balancing_V2_Deployment_with_CloudFormation#Create_an_Application_Load_Balancer|Create an Application Load Balancer with CloudFormation]]


I have used "internet-facing", because this is what I was able to make work. <font color=darkgray>Return here and experiment with "internal", so the service endpoints exposed through load balancer are not publicly available, but only through an API Gateway that will be subsequently configured.</font>.
==Application Load Balancer GetAtt Attributes==


==Listeners==
{{External|[https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html GetAtt]}}


For more details about listeners, see: {{Internal|AWS_Elastic_Load_Balancing_Concepts#Listener|Listeners}}
* DNSName


Use TCP over port 80.
==Connecting Internet-Facing Load Balancer to Private IP Address Targets==


==Availability Zones==
{{Internal|AWS Elastic Load Balancing Connecting Internet-Facing Load Balancer to Private IP Address Targets|Connecting Internet-Facing Load Balancer to Private IP Address Targets}}


For more details see: {{Internal|AWS_Elastic_Load_Balancing_Concepts#Load_Balancer_and_Availability_Zones|Load Balancers and Availability Zones}}
=Register a Target with a Target Group in Command Line=
 
Specify the VPC in which the targets exist.
 
Then, specify at least one, possible more availability zones and one subnet per availability zone. All subnets in which target endpoint services run must be specified here.
 
Elastic IP: <font color=darkgray>Return to Elastic IP.</font>
 
==Security Settings==
 
<font color=darkgray>Refers to TLS configuration, which should be mandatory for public facing load balancers. Return here.</font>
 
==Configure Routing==
 
If this load balancer is created to service ECS FARGATE containers that have not been defined yet, so we don't have enough information to create the corresponding target group. That is fine, at this stage, the relevant target group will be created during the [[Amazon_ECS_Operations#Load_Balancing|ECS Service creation process]]. However, the load balancer cannot be created without a target group, so create a temporary one, which may be deleted later, to satisfy the console workflow.
 
===Target Group===
 
More information about target groups: {{Internal|AWS_Elastic_Load_Balancing_Concepts#Target_Group|Target Group]]}}
 
Target group: New target group
 
Name: to-be-deleted
 
[[AWS_Elastic_Load_Balancing_Concepts#Target_Type|Target type]]: Instance
 
[[AWS_Elastic_Load_Balancing_Concepts#Target_Group_Protocol|Protocol]]: TCP
 
[[AWS_Elastic_Load_Balancing_Concepts#Target_Group_Port|Port]]: 55555
 
<font color=darkgray>If we build this load balancer for an ECS service, we can create the target group in advance, by specifying the name, the protocol (TCP), the port (10001) and the target type "ip".</font>
 
===Health Checks===
 
Protocol: TCP <font color=darkgray>Return here.</font>
 
==Register Targets==
 
===Registered Targets===
 
===Instances===
 
Do not select anything now.
 
Next: Review -> Create.
 
==Information==
 
At this point, after the load balancer is created, selecting it in the load balancer tab provides access to ARN, DNS Name, Hosted Zone ID.
 
==The ECS Service==
 
{{Internal|Amazon_ECS_Operations#Create_a_Service|Create an ECS Service}}


==Follow-Up Tasks==
aws elbv2 register-targets --target-group-arn arn:aws:elasticloadbalancing:us-west-2:77777777777:targetgroup/themyscira/4d66315292d681f9 --targets Id=10.7.1.84 Id=10.7.1.151


After the ECS-backed target group is created, come back and delete the "to-be-deleted" target group.
=Listener Operations=


=Test a Network Load Balancer=
aws [--region ...] elbv2 describe-listeners <--load-balancer-arn ... | --listener-arns ...>


  curl http&#58;//playground-nlb-85d74951c7b728b3.elb.us-west-2.amazonaws.com:10001/amazons
  aws --region ca-central-1  elbv2 describe-listeners --listener-arns arn:aws:elasticloadbalancing:ca-central-1:777777777777:listener/app/infinity-test-alb/ac8ae6a4de687154/4c3e44faee30b5d2


=Create an Application Load Balancer=
=Target Groups Operations=


<font color=darkgray>TODO.</font>
<syntaxhighlight lang='yaml'>
Resources:
  ...
  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    #
    # DependsOn is important, I've seen race conditions with the load balancer
    #
    DependsOn: ApplicationLoadBalancer
    Properties:
      Name: !Sub ${Color}-themyscira-tg
      VpcId: !Ref VPC
      Protocol: HTTP
      Port: !Ref ApplicationPort
      TargetType: ip
      HealthCheckProtocol: HTTP
      HealthCheckIntervalSeconds: 60
      HealthCheckTimeoutSeconds: 10
      HealthyThresholdCount: 3
      UnhealthyThresholdCount: 3
      HealthCheckPath: '/actuator/health'
</syntaxhighlight>


=Register a Target with a Target Group in Command Line=
=Troubleshooting=


aws elbv2 register-targets --target-group-arn arn:aws:elasticloadbalancing:us-west-2:77777777777:targetgroup/themyscira/4d66315292d681f9 --targets Id=10.7.1.84
==Application Load Balancer Troubleshooting==
{{External|[https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-troubleshooting.html Troubleshoot Your Application Load Balancers]}}
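Review bot: the target group ARN in the register-targets command carries an 11-digit account ID (77777777777), while the describe-listeners example under Listener Operations uses the 12-digit 777777777777; AWS account IDs are 12 digits, so pad the placeholder to keep the ARN well-formed for anyone who copies it. This revision also drops the inline console walkthrough, including the Security Settings remark that TLS should be mandatory for public-facing load balancers, while the examples that remain are plaintext (curl over http://, target group Protocol: HTTP); if that remark does not survive on the linked "Create a Network Load Balancer with Amazon Console" page, keep a one-line TLS note here.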

Latest revision as of 20:56, 1 May 2019

External

Internal

Load Balancer Operations

Describe Load Balancers

aws [--region ca-central-1 ...] elbv2 describe-load-balancers

Elastic Load Balancing V2 Deployment with CloudFormation

Elastic Load Balancing V2 Deployment with CloudFormation

Create a Network Load Balancer

Test a Network Load Balancer

curl http://playground-nlb-85d74951c7b728b3.elb.us-west-2.amazonaws.com:10001/amazons

Create an Application Load Balancer

Application Load Balancer GetAtt Attributes

GetAtt
  • DNSName

Connecting Internet-Facing Load Balancer to Private IP Address Targets

Connecting Internet-Facing Load Balancer to Private IP Address Targets

Register a Target with a Target Group in Command Line

aws elbv2 register-targets --target-group-arn arn:aws:elasticloadbalancing:us-west-2:77777777777:targetgroup/themyscira/4d66315292d681f9 --targets Id=10.7.1.84 Id=10.7.1.151

Listener Operations

aws [--region ...] elbv2 describe-listeners <--load-balancer-arn ... | --listener-arns ...>
aws --region ca-central-1 elbv2 describe-listeners --listener-arns arn:aws:elasticloadbalancing:ca-central-1:777777777777:listener/app/infinity-test-alb/ac8ae6a4de687154/4c3e44faee30b5d2
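
The describe-load-balancers and describe-listeners commands above can be combined into a check for internet-facing load balancers whose listeners do not use TLS. The Python below is an added example, not part of the original page; it assumes the CLI's JSON output has been captured as strings, and the function name plaintext_public_listeners and all sample data are constructed for illustration.

```python
import json

# Listener protocols for which the load balancer itself does not terminate TLS.
# A TCP listener may still carry TLS end to end; treat a hit as "needs review".
PLAINTEXT = {"HTTP", "TCP", "UDP", "TCP_UDP"}


def plaintext_public_listeners(lbs_json, listener_docs):
    """lbs_json: output of `aws elbv2 describe-load-balancers`.
    listener_docs: one `aws elbv2 describe-listeners --load-balancer-arn ...`
    output per load balancer.
    Returns sorted (name, port, protocol) tuples for non-TLS listeners on
    internet-facing load balancers."""
    public = {
        lb["LoadBalancerArn"]: lb["LoadBalancerName"]
        for lb in json.loads(lbs_json)["LoadBalancers"]
        if lb.get("Scheme") == "internet-facing"
    }
    findings = []
    for doc in listener_docs:
        for listener in json.loads(doc)["Listeners"]:
            name = public.get(listener["LoadBalancerArn"])
            if name and listener["Protocol"] in PLAINTEXT:
                findings.append((name, listener["Port"], listener["Protocol"]))
    return sorted(findings)


# Constructed sample data, shaped like the CLI output (not real resources).
_BASE = "arn:aws:elasticloadbalancing:us-west-2:111111111111:loadbalancer/"
_NLB, _ALB, _INT = _BASE + "net/example-nlb/a1", _BASE + "app/example-alb/b2", _BASE + "app/internal-alb/c3"


def _lb(arn, scheme):
    return {"LoadBalancerArn": arn, "LoadBalancerName": arn.split("/")[-2], "Scheme": scheme}


def _listeners(arn, *pairs):
    return json.dumps({"Listeners": [
        {"LoadBalancerArn": arn, "Port": port, "Protocol": proto} for port, proto in pairs]})


SAMPLE_LBS = json.dumps({"LoadBalancers": [
    _lb(_NLB, "internet-facing"), _lb(_ALB, "internet-facing"), _lb(_INT, "internal")]})
SAMPLE_LISTENERS = [
    _listeners(_NLB, (10001, "TCP"), (443, "TLS")),
    _listeners(_ALB, (80, "HTTP"), (443, "HTTPS")),
    _listeners(_INT, (80, "HTTP")),
]

if __name__ == "__main__":
    for name, port, proto in plaintext_public_listeners(SAMPLE_LBS, SAMPLE_LISTENERS):
        print(f"{name}: {proto} listener on port {port} has no TLS at the load balancer")
```

The internal load balancer's HTTP listener is not reported because only the internet-facing scheme is in scope for this check.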

Target Groups Operations

Resources:
  ...
  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    #
    # DependsOn is important, I've seen race conditions with the load balancer
    #
    DependsOn: ApplicationLoadBalancer
    Properties:
      Name: !Sub ${Color}-themyscira-tg
      VpcId: !Ref VPC
      Protocol: HTTP
      Port: !Ref ApplicationPort
      TargetType: ip
      HealthCheckProtocol: HTTP
      HealthCheckIntervalSeconds: 60
      HealthCheckTimeoutSeconds: 10
      HealthyThresholdCount: 3
      UnhealthyThresholdCount: 3
      HealthCheckPath: '/actuator/health'

Troubleshooting

Application Load Balancer Troubleshooting

Troubleshoot Your Application Load Balancers