The Problem

Oh the joys of using Amazon’s ELB. Now the heading for this section is “The Problem,” but to be honest, the only problem is that you ain’t set that thing up yet. ELB is awesome sauce incarnate. A few mousy pointy clickies and you have a load balancing monster that handles SSL, port translation, failovers, multiple availability zones, and jillions of instances. It’s bliss. Amazon, where have you been all my life?

So let’s get started!

How to get there

The first thing you want to do is navigate to the Load Balancer page. From the top left menu:

Services → EC2. Find Load Balancers along the left side menu and click.

… crack your Monster, take a pull

Click Create Load Balancer; the wizard will walk you through the details of setting up your load balancer.

Define that Balancer

Fill in the name, then drop down the Listener Configuration table. We are configuring this load balancer to be the SSL termination point, so we will speak to the outside world via HTTPS on port 443. Internally, we can speak to our servers over port 80.

| Load Balancer Protocol | Load Balancer Port | Instance Protocol | Instance Port |
| --- | --- | --- | --- |
| HTTP | 80 | HTTP | 80 |
| HTTPS | 443 | HTTPS | 80 |

The app we are serving uses a policy of Strict Transport Security; however, I want to do a permanent redirect at the Nginx level from HTTP to HTTPS. For this reason, we configure the load balancer to listen on port 80.

Selecting Certificate

Click here to create a self signed certificate for use with your test, development or stagin’ environments. I omit production, because the only person I know who would do that is one of these guys.

Click here to purchase a production cert. Don’t be a cheap ass, this is your domain’s credibility we are talking about here.

Got SSL? Tick the “Upload a new SSL Certificate” type.

Follow these instructions to add your certificate

NOTE: You may use existing SSL certs for future ELBs.

I digress, Continue!

Cipher

Continue!

Health Check

The app I am going to run forces connections over HTTPS, so I change the protocol to HTTPS. I do not change the port to 443 because I am communicating with my instance over port 80. This is an internal health check. The path is set to “/”; the timeouts, intervals, and thresholds stay default.

Continue!

Security Group

This is pretty important, don’t you think?

In development mode, I may be a little cavalier about ingress and egress data, ports and security. I create a group that allows ports 80, 443 from the world. Maybe some other ports. Who knows?

In production mode, I batten down the hatches. The only ports exposed to the world are 80 and 443. Period.

Oh… security groups? We do that stuff right cheeya!

Click here for more info on AWS security groups
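
The production rule above (only 80 and 443 exposed to the world) can be checked mechanically. This is an added example, not part of the original post: it audits security-group JSON in the shape returned by `aws ec2 describe-security-groups`. The group IDs and rules in `SAMPLE` are constructed, and the function names are hypothetical.

```python
import json

WORLD = {"0.0.0.0/0", "::/0"}
ALLOWED_PORTS = {80, 443}  # the production policy stated in the post

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-prod-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-dev-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 8080,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")


def world_exposure(group):
    """Return findings for rules exposing more than TCP 80/443 to the world."""
    findings = []
    for rule in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        if not WORLD.intersection(cidrs):
            continue  # rule is scoped to specific networks, not the world
        proto, lo, hi = rule["IpProtocol"], rule.get("FromPort"), rule.get("ToPort")
        if proto == "-1":  # "-1" means every protocol and every port
            findings.append("all protocols and ports open to the world")
        elif (proto != "tcp" or lo is None or hi is None
              or any(p not in ALLOWED_PORTS for p in range(lo, hi + 1))):
            findings.append(f"{proto} {lo}-{hi} open to the world")
    return findings


def audit(doc):
    """Map each group id to its findings; an empty list means the policy holds."""
    return {g["GroupId"]: world_exposure(g) for g in doc["SecurityGroups"]}


if __name__ == "__main__":
    for gid, findings in audit(SAMPLE).items():
        print(gid, "OK" if not findings else findings)
```

A port range passes only if every port inside it is allowed, so a rule such as 80-8080 is flagged even though it starts on an allowed port.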

Adding Instances

Hopefully you have created some instances; if not, go do that. Select the instances that you want balanced.

Keep the defaults, jerk.

ELB distributes traffic evenly across zones by default.

Connection draining is the process of allowing existing connections to finish when you deregister an instance. You can consider this a graceful deregistration of your EC2 instance.

Review

Double check your settings and Create.

Yeehaw! Time to get TechCrunched cause you just built yourself a Web Scale No Fail Whale.

Follow Up

Now, just hold on there tubby, let’s peep some of these things.

First and foremost, congratulations, you did it!

Look at DNS Name: under the Description tab. That is the URL you paste into your world wide web browser.

Under Instances you will see the EC2 instance(s) you are balancing. If the health check is set up properly, and the instance and app are running, this should say “InService”. If it says “OutOfService” you may want to hold off on posting to HackerNews.

The other tabs are fairly straightforward. If this is a sandbox, go and break stuff! Otherwise, click around and see what’s what.

AWS has a little information on EC2. So if you need assistance or can’t sleep, check it out here




Published

26 March 2014
