AWS Elastic Load Balancing (ELB)

  • EC2 instances should only allow traffic coming directly from the load balancer.
  • Therefore, the source in the security group rule of your EC2 instances is not an IP range; it is a security group.
  • So we link the security group of the EC2 instances to the security group of the load balancer, which is an enhanced security mechanism.

1. Classic Load Balancer (CLB)

Step 1: Create an Instance

Add the script below into User Data:

#!/bin/bash
# Use this for your user data (script from top to bottom)
# Install httpd (Amazon Linux 2 version)
yum update -y
yum install -y httpd
# Start the web server now and on every boot
systemctl start httpd
systemctl enable httpd
# Serve a page that identifies which instance answered
echo "Hello World from $(hostname -f)" > /var/www/html/index.html

Create / select an existing security group

Now we have launched a new instance:

Step 2: Create a Classic Load Balancer

Leave "Create an internal load balancer" unticked: we want to access the load balancer from our computer, so we don't keep it private.

IPv6 is not supported by CLB

The path for health check is /index.html

First, we perform a health check at /

Paste the instance's public IP into the browser's address bar and get the response:

It also works at /index.html:

So this is the configuration:

Add EC2 Instances:

Then a new CLB is created successfully

Open the DNS name of our CLB in the browser. The response is the same as when we used the public-facing IP, which means the CLB is working:

Note that one of the reasons the CLB can be out of service is that the security group rules are not correct; for example, port 80 is not open on the security group.

Change the inbound rule to tighten the security:
First, delete the existing HTTP rule;
Second, create a new rule with the source being the CLB security group.

That way, we allow any traffic from the security group of the CLB into the security group of the EC2 instances. We want the ELB to access the instances, and we don't want users to access the instances directly.

Now if we try to access the public IP of the instances directly, the browser keeps loading without ever getting a response, but access through the DNS name of the ELB still works.

So now, we can access the EC2 instances only through the ELB. We have enhanced the security. That is a very common pattern in AWS.
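
The tightened inbound rule can be checked mechanically. The following is an added example, not part of the original walkthrough: it audits instance security groups, given in the shape of the EC2 DescribeSecurityGroups response, and reports any port 80 source other than the load balancer's security group. The group IDs and rules are constructed sample data, and the function names are hypothetical.

```python
# Rules use the field names of the EC2 DescribeSecurityGroups response.
# All group IDs and rules below are constructed sample data.
LB_SG = "sg-lb-example"  # assumed ID of the load balancer's security group

BEFORE = {"GroupId": "sg-ec2-before", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
]}
AFTER = {"GroupId": "sg-ec2-after", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": LB_SG}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
]}


def covers_port(rule, port):
    """True if one IpPermissions entry applies to the given TCP port."""
    if rule["IpProtocol"] == "-1":  # "-1" means all protocols and all ports
        return True
    return rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]


def audit_instance_group(group, lb_group_id, port=80):
    """List how a group departs from 'only the load balancer reaches this port'."""
    gid, findings, lb_allowed = group["GroupId"], [], False
    for rule in group.get("IpPermissions", []):
        if not covers_port(rule, port):
            continue  # e.g. the SSH rule is out of scope for this check
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        findings += [f"{gid}: port {port} open to CIDR {c}" for c in cidrs]
        for pair in rule.get("UserIdGroupPairs", []):
            if pair.get("GroupId") == lb_group_id:
                lb_allowed = True
            else:
                findings.append(f"{gid}: port {port} open to group {pair.get('GroupId')}")
    if not lb_allowed:  # without this rule the load balancer health checks fail
        findings.append(f"{gid}: {lb_group_id} not allowed on port {port}")
    return findings


if __name__ == "__main__":
    for sg in (BEFORE, AFTER):
        print(sg["GroupId"], audit_instance_group(sg, LB_SG) or "OK")
```

The BEFORE group corresponds to the original open HTTP rule and the AFTER group to the rule whose source is the CLB security group.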

Add two more instances:

Add the newly created instances to the CLB:

Refresh the page and a different EC2 instance replies, which means the load balancer is indeed load balancing the requests.
