Attach autoscaling group instances directly to load balancer. - amazon-ec2

Is there a way to attach instances in an autoscaling group directly to an Application Load Balancer (ALB) target? My ASG works, but the instances are not attached to the ALB targets when they are initiated.

The aws_autoscaling_group resource has a target_group_arns option:
https://www.terraform.io/docs/providers/aws/r/autoscaling_group.html
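A minimal Terraform configuration using that option, added here as an example and not part of the original answer. The resource names, sizes, health check settings and input variables are assumptions, and the ALB and its listener are assumed to be defined elsewhere.

```hcl
# Added example: resource names, sizes and variables are hypothetical.
variable "vpc_id" { type = string }
variable "private_subnet_ids" { type = list(string) }
variable "launch_template_id" { type = string }

resource "aws_lb_target_group" "app" {
  name     = "app-tg"
  port     = 80
  protocol = "HTTP"
  vpc_id   = var.vpc_id

  health_check {
    path                = "/"
    healthy_threshold   = 3
    unhealthy_threshold = 3
  }
}

resource "aws_autoscaling_group" "app" {
  name                = "app-asg"
  min_size            = 2
  max_size            = 4
  vpc_zone_identifier = var.private_subnet_ids

  launch_template {
    id      = var.launch_template_id
    version = "$Latest"
  }

  # Every instance the group launches is registered with this target group
  # and deregistered again when the group terminates it.
  target_group_arns = [aws_lb_target_group.app.arn]

  # Let the group act on the target group's health checks, after a grace
  # period that gives new instances time to boot.
  health_check_type         = "ELB"
  health_check_grace_period = 300
}
```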

Related

AWS ECS Fargate without Load Balancer for internal services

I am trying to load some REST services using CloudFormation as an ECS service with Fargate.
I don't want a public domain name for these services. I will access them internally from my AWS Lambda functions.
I realized AWS Fargate needs load balancing, the load balancer needs a certificate, and certificates need a domain name.
Probably I am missing something but I tried to load AWS Fargate without a load balancer and I was unable to access it from Lambdas.
The question is: how do I run my services on ECS with Fargate without a load balancer?
Use ECS Service Discovery to set up private DNS records that allow your application to discover service endpoints without using a load balancer or having to create public DNS records. Service Discovery works by creating private DNS records in Route 53 that are queryable from within your VPC, so that you can find the IP addresses for all of the tasks running in a service. If you're running multiple tasks you will get multiple A records back, one per task, so you will need to do client-side load balancing by picking a random record in the returned set.
The documentation linked above is a little vague so here are some more specific instructions: When creating your service in the console, in Step 2: Configure Network, check the Enable service discovery integration checkbox. Then specify "create new private namespace" and supply a name for your namespace, such as foo.app. Then select the "Create new discover service" radio button, and specify a name for your service (such as service1). Leave the rest of the settings in the Service discovery (optional) section as default.
Now from within your VPC, you'll be able to look up service1.foo.app and get back A records with the IP addresses of all of the tasks running in the service.
This Medium article also has a good summary of how to set up service discovery.

Facing issue while configuring EC2 WAF ACL

I have a free-tier AWS account, and I am adding WAF to my LB (load balancer), which has one instance on EC2. Currently, the security group has only HTTP port 80.
My instance is located in the Asia Pacific (Mumbai) region, and when I am creating a rule or condition for the ACL, I am not getting this region there.
So I have tried to make the ACL in a different region and without any rule, just configured with the load balancer. After creating the ACL, when I go to associate the load balancer with the ACL, there is no load balancer shown in the drop-down, like below:
Please help me. Where could I have made a mistake?
AWS WAF is not supported yet in the Mumbai region, so if your instance and load balancer are in Mumbai you won't be able to use WAF directly:
https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/
You also can't put your WAF in a different region and connect it to your ALB, that won't work either as you have seen.
The only other option is for you to make use of a CloudFront distribution in front of your load balancer, and your WAF is then linked to your CloudFront distribution.

Give EC2 access to an ELB Elastic Beanstalk system

I have a database server on an EC2 instance, and I want it to be accessible by the Elastic Load Balancer cluster.
I tried adding the subnet of the load balancer to the security groups of the database EC2 instance.
There must be some way to give the whole cluster of EC2 instances created by ELB and autoscaling access to a single EC2 instance.
Your question isn't too clear, but it appears your scenario is:
Internet -> ELB -> EC2 fleet -> Database (on EC2 instance)
You have a database running on a single EC2 instance
You have multiple EC2 instances running an application that connect to the database
You have an Elastic Load Balancer that accepts traffic from the Internet and distributes it to the EC2 instances running the application
You should configure the following Security Groups:
ELB-SG: Configure this security group to allow incoming web traffic from the Internet (0.0.0.0/0). Associate the security group to the Load Balancer.
App-SG: Configure this security group to allow incoming web traffic from ELB-SG. Associate the security group with every instance in the application fleet. If the EC2 instances are launched via Auto Scaling, then associate the security group with the Launch Configuration.
DB-SG: Configure this security group to allow incoming traffic from App-SG. Associate the security group to the EC2 instance running the database.
When I say "allow incoming traffic from xxx-SG", I mean that you should enter the name of the incoming security group in the Source field when configuring the security group. This will automatically insert the unique name of the security group (sg-xxxx). It means that any resource associated with the referenced security group will be allowed incoming access on the nominated port.
You should avoid using an IP address or CIDR range in a security group, because they can change (e.g., if you launch another EC2 instance). By referencing a security group by name, it will automatically update as instances are added/removed.
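The three chained security groups described in this answer, written as Terraform. This is an added example, not part of the original answer; the resource names, port 80 for the web tier, port 3306 for the database and `var.vpc_id` are assumptions.

```hcl
# Added example: resource names, ports and var.vpc_id are assumptions.
variable "vpc_id" { type = string }
resource "aws_security_group" "elb" {
  name   = "ELB-SG"
  vpc_id = var.vpc_id
  # Web traffic from the Internet
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  # Terraform removes the default allow-all egress rule, so restore outbound access
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "app" {
  name   = "App-SG"
  vpc_id = var.vpc_id
  # Web traffic only from resources associated with ELB-SG
  ingress {
    from_port       = 80
    to_port         = 80
    protocol        = "tcp"
    security_groups = [aws_security_group.elb.id]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "db" {
  name   = "DB-SG"
  vpc_id = var.vpc_id
  # Database traffic (assumed port 3306) only from resources associated with App-SG
  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.app.id]
  }
}
```

Because the App-SG and DB-SG ingress rules name a source security group instead of a CIDR range, instances added by Auto Scaling are covered as soon as they carry the referenced group.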

An EC2 instance behind a load balancer is not terminating after reboot but load balancer is going out of service

There is a single EC2 instance deployed behind an ELB using CloudFormation, and now I am trying to add cron jobs to crontab by updating the CF stack. However, after updating the stack I rebooted the server, but the changes are not reflected on the server.
It seems like only the application on the server is rebooted, not the OS of the server. When I checked the status of the ELB after the reboot, the instance state is out of service, and the instance state on the EC2 tab is showing running.
Note: There is no autoscaling group attached.
Check if your application on the EC2 instance is listening on the port mentioned in the load balancer.

Autoscaling EC2 instances running Nginx-based web service behind ELB

Looking for advice on the recommended way of setting up autoscaling for a pair of EC2 instances running an Nginx-based web service behind an ELB.
I understand that I'll need to use CloudWatch to monitor my EC2 instances - is it sufficient to save my EC2 instance as an AMI image and then have CloudWatch fire up new instances using that image (with ELB automatically routing requests in round-robin fashion to available instances)?
You can attach your load balancer to your Auto Scaling Group (ASG). When attached, the load balancer automatically registers the newly launched instances in the group and distributes the traffic across them. For adding health checks to the ASG with a load balancer attached to it, you need to:
Go to EC2 console
Choose Auto Scaling Group under Auto Scaling
Select your group and click Actions and then Edit
Select ELB for Health Check Type and set the period (e.g. 300)
Save
Note that an ASG with EC2 health check type will not automatically replace the unhealthy instances. Read more here.
