AWS|AWS Elastic Load Balancing (ELB) AWSElasticLoadBalancing(ELB)

文章图片

EC2 Instances should only allow traffic coming directly from the load balancer.
Therefore, the source of security group rule of your EC2 instances is not an IP range, it's a security group.
So we're going to link the security group of the EC2 instances to the security group of the load balancer, which is an enhanced security mechanism.

1. Classic Load Balancer (CLB)
Step 1: Create an Instance Add the script below into User Data:

#!/bin/bash # Use this for your user data (script from top to bottom) # install httpd (Linux 2 version) yum update -y yum install -y httpd systemctl start httpd systemctl enable httpd echo "Hello World from $(hostname -f)" > /var/www/html/index.html

文章图片

Create / select an existing security group

文章图片

Now we have lauched a new instance

文章图片

Step 2: Create a Classic Load Balancer

文章图片

文章图片

Leave "Create an internal load balancer" unticked, because we want to access it from computer, so we don't keep it private.

文章图片

IPv6 is not supported by CLB

文章图片

文章图片

The path for health check is /index.html
First, we perform a health check at /

文章图片

Copy the public IP in URL and get the response:

文章图片

Which also works well at index.html:

文章图片

So this is the configuration:

文章图片

Add EC2 Instances:

文章图片

Then a new CLB is created successfully

文章图片

Open the URL of DNS name of our CLB, the response is the same as if we had used the public facing IP, which means the CLB is working:

文章图片

Note that one of the reasons why the CLB is out of service is that the rules of security group are not correct, for example, there's no port 80 available on the security group.
Change the inbound rule to tighten the security:
First, delete the existing HTTP rule;
Second, create a new rule with the source being the CLB security group.
In that way, we're allowing any traffic from the security of CLB into the security group of EC2 instances. We want the ELB to access the instances, and we don't want users to directly access the instances.

文章图片

Now if we try to access the public IP of the instances, we get an endless running cycle, but accessing from DNS name of the ELB is still working well.
So now, we can access the EC2 instances only through the ELB. We have enhanced the security. That is a very common pattern in AWS.

文章图片

Add two more instances:

文章图片

Add the new created intances into it:

文章图片

Refresh the page, get a new EC2 instance replying, which means the load balancer is indeed load balancing the requests.
【AWS|AWS Elastic Load Balancing (ELB)】