Application Load Balancers | How to create an internet facing load balancer in AWS?

  • Published on 14 Oct 2024
  • This video explains how to set up an Application Load Balancer in AWS and load balance the data between servers behind private subnets.
    start-up script:
    #!/bin/bash
    yum install httpd -y
    systemctl enable httpd
    echo "This is instance1" (greater than symbol) /var/www/html/index.html
    systemctl start httpd

Comments • 79

  • @jacqueskoorts9968 2 years ago +6

    I'm going to try this out now. What I like about this video is that it's recent with the latest AWS console. Also it uses the ALB where other videos use the CLB. And lastly it explains why a public subnet is used in this video if mostly what this video is about is the private subnet. Well done!

  • @Vmr48765 1 year ago +2

    Hi there, I followed your video step by step and got both EC2 instances as failed health checks. Here is what I did, I used the new console to setup a VPC of 2 public and 2 private subnets. The security group on the private subnets are:
    Inbound:
    1. ssh port 22 inbound from my IP
    2. TCP 80 inbound from ALB security group
    Outbound
    1. Allow all traffic outbound 0.0.0.0/0
    ALB security group
    Inbound
    1. inbound allow all traffic 0.0.0.0/0
    outbound:
    1. outbound allow all traffic 0.0.0.0/0
    2. outbound TCP 80 to webserver 1 security group
    3. outbound TCP 80 to webserver 2 security group
    Health check status is as follows
    Protocol HTTP
    Port 80
    Path /
    Healthy Threshold: 5 consecutive health check successes
    Unhealthy Threshold 2 consecutive health check fails
    Timeout 5 seconds
    Interval 30 seconds
    success code :200
    The NAT gateway is in public subnet 1
    IGW is associated with the VPC
    The route table associated with private subnet 1 has the following entries
    1. 10.0.0.0/16 local
    2. 0.0.0.0/0 Nat-gateway
    The route table associated with private subnet 2 has the following entries
    1. 10.0.0.0/16 local
    2. 0.0.0.0/0 Nat gateway
    The route table associated with the public subnet 1 has the following entries
    1. 10.0.0.0/16 local
    2. 0.0.0.0/0 internet gateway
    The route table associated with the public subnet 2 has the following entries
    1. 10.0.0.0/16
    2. 0.0.0.0/0 internet gateway
    ALB is associated with the two public subnets
    ALB's target group is the instances in the private subnet
    I get both instances as unhealthy. Please could you help me? Thanks Happy to even share my WS account credentials for you to jump in and have a look.

    • @listentolearn2363 1 year ago +1

      Hi Vinay,
      Apologies for the delayed response, I didn't notice your comment earlier.
      You seem to have done everything correctly.
      The only thing I am doubting is the startup script in the EC2 instance. If you had copied the contents in the description, please ensure that you did replace '(greater than symbol)' with the actual symbol. TH-cam wouldn't allow me to use '>' symbol in the description (I think it might mess up their html tags).
      Let me know if that makes it work.
      You could even try looking at the ec2 instance logs, that could give more information on the startup script execution.

    • @Vmr48765 1 year ago +1

      @listentolearn2363 spot on troubleshooting this 2 weeks ago I realised there was something wrong with the script upon fixing this it worked. You earned a new subscriber :) can you also make a video of deploying in cloudformation and terraform instead of manually it will help greatly :)

    • @listentolearn2363 1 year ago

      great, thanks for letting me know.. :) sure..

  • @mathisart 2 years ago +4

    The explanation is such high quality and no-nonsense. This channel deserves more views.

  • @rolandoperez7688 1 year ago +2

    Excellent tutorial; you clearly explained the NAT and IGW components, as well as how to configure all routes 👍, Thank you; this tutorial has been greatly useful to me.

  • @valo9883 2 years ago +2

    This is the best video I’ve come across that does an excellent job explaining this topic. You’re amazing

    • @listentolearn2363 2 years ago

      Wow, thank you! :)

    • @valo9883 2 years ago +1

      Your video was very thorough in explaining this. I have a question for you, 1-Would this have worked without the NATG?
      2-Would this be possible with using a Gateway Endpoint instead of the NATG? and lastly
      3-What if I decided not to use either the NATG or Gateway Endpoint, would it have still worked?
      I appreciate your insight and I just subscribed and turned on notifications for all your posts. Please do be encouraged and continue to deliver amazing videos with clear and detailed descriptions.

    • @listentolearn2363 2 years ago +1

      Thanks again! :) and here are my thoughts on your questions -
      1. No, because the instances are in private subnets and it needs internet connectivity to install the start up script.
      2. No, because the gateway endpoint allows connectivity only to s3 and dynamodb from a vpc but not to internet.
      3. The problem would have been with the start up script. However, this is just a demo and in real world, if you are not actually initiating any internet connection and you are communicating only through the LB (which will be the case most of the time) then you wouldn't need either of them. Also, if you want to avoid the start up script, you could use a pre built image with the required software installed to provision the instance.
      Let me know if you have any follow up questions :)

    • @valo9883 2 years ago

      @listentolearn2363 Thank you so much. This makes perfect sense. Thank you. Looking forward to more videos.

  • @MaHa63b 1 year ago +1

    Excellent and especially clear tutorial. A lot of thanks for instructor. This tutorial was very useful for me.

  • @juliuscaeser9834 2 years ago

    wow! entire AWS ALB demystified in 15mins such that even my 12 yo can understand. Thank you so much for explaining this in a simple and easy approach.

    • @listentolearn2363 2 years ago

      Thank you so much for your support! Glad it was helpful! :)

  • @laurentsantiago3087 11 months ago +1

    Thank you very much for this excellent tutorial! It helped me a lot 👍

    • @listentolearn2363 11 months ago

      Glad to hear that! You're welcome :)

  • @JohnSmithhh 29 days ago

    Thank you but in the beginning of the video you're talking about private subnet but we don't link EC2 to them, so I'm a little bit lost. Why do we create EC2 instance in public subnet?

  • @mohitwasnik9356 2 years ago +1

    You just saved my motivation from assassination by frustration !!! 🐱‍👤 It was beautifully explained, cleared my doubts :)

  • @tamilpattucassette6859 2 years ago

    Thanks for sharing this video. The concept has been covered but not with clear information. For example, the EC2 instance was created without adding a tag, and the NAT gateway has not been used either, but it's created in this video.

    • @listentolearn2363 2 years ago +1

      you're welcome.. NAT gateway is indeed used to establish network connectivity from private subnets.

  • @stephenadams5334 1 year ago +1

    Well Done LTL!

  • @terrences6776 2 years ago +1

    This was a great explanation! So what could be the issue if the target group is reporting unhealthy instances. Thanx.

    • @listentolearn2363 2 years ago +3

      Could you please check the below settings -
      1. The security group associated with the servers allows port 80 access from LB security group
      2. The security group associated with the LB allows port 80 access from 0.0.0.0
      3. The NAT gateway and Internet gateways are attached to the private and public subnets respectively
      4. The health checks are configured correctly with appropriate settings as shown

    • @terrences6776 2 years ago +1

      @listentolearn2363 Thank you for your feedback. I actually figured it out. I hadn't launched my instances separately. Once I did that everything started to report healthy.
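
The security-group items in the checklist above, and the rule set listed in the first troubleshooting comment on this page, can be checked offline. This is an added example, not from the video or its author: the group IDs, the admin IP and the function names are assumptions, and the dicts follow the shape of EC2 DescribeSecurityGroups output.

```python
# Added example. The dicts mimic the shape of EC2 DescribeSecurityGroups output;
# group IDs and the admin IP (203.0.113.10) are constructed placeholders.
ALB_SG = {"GroupId": "sg-alb-example", "IpPermissions": [
    # "inbound allow all traffic 0.0.0.0/0", as listed in the comment
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
]}
WEB_SG = {"GroupId": "sg-web-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-alb-example"}]},
]}

def covers(rule, port):
    """True if an ingress rule admits the given TCP port ("-1" means all protocols)."""
    if rule["IpProtocol"] == "-1":
        return True
    return rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]

def world_open(rule):
    """True if the rule admits traffic from any IPv4 address."""
    return any(r["CidrIp"] == "0.0.0.0/0" for r in rule.get("IpRanges", []))

def audit(alb_sg, web_sg, listener_port=80, target_port=80):
    """Return findings for an internet-facing ALB in front of private targets."""
    findings = []
    alb_id = alb_sg["GroupId"]
    web_rules, alb_rules = web_sg["IpPermissions"], alb_sg["IpPermissions"]
    # 1. Forwarded requests and health checks both arrive from the ALB's group.
    if not any(covers(r, target_port) and
               any(p["GroupId"] == alb_id for p in r.get("UserIdGroupPairs", []))
               for r in web_rules):
        findings.append("web: target port not allowed from the ALB security group")
    # 2. Targets should take that port from the ALB only, not from any address.
    if any(covers(r, target_port) and world_open(r) for r in web_rules):
        findings.append("web: target port open to 0.0.0.0/0")
    # 3. Clients must reach the listener, and nothing wider needs to be world-open.
    if not any(covers(r, listener_port) and world_open(r) for r in alb_rules):
        findings.append("alb: listener port not reachable from 0.0.0.0/0")
    for r in alb_rules:
        exact = r["IpProtocol"] == "tcp" and r["FromPort"] == r["ToPort"] == listener_port
        if world_open(r) and not exact:
            findings.append("alb: world-open rule is wider than the listener port")
    return findings

if __name__ == "__main__":
    for finding in audit(ALB_SG, WEB_SG):
        print(finding)
```

An empty result means the security groups are not what is failing the health checks; the start-up script, routes and health-check settings are the next things to look at.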

  • @RuznyAhamed-v4x 1 year ago +1

    Great! I have a question, what if you created those four subnets within four different availability zones? Will it work?

    • @listentolearn2363 1 year ago

      sure, you can extend this to 4 azs and 4 subnets.

    • @RuznyAhamed-v4x 1 year ago

      @listentolearn2363 yes, it may involve cross-AZ traffic. Cross-AZ traffic can incur additional data transfer costs compared to instances within the same AZ, if I am not wrong

  • @etza 1 year ago +1

    Yeah, is amazing tutorial, thank you very much!

  • @chandansharma9758 2 years ago +1

    Really Very Nice explained 😊

  • @malicksylla886 1 year ago +1

    Great presentation :)! Subscribed ;)

  • @malicksylla886 1 year ago

    Have a question! Since we're not using the public subnet except for the ALB (and of course NAT Gw for EC2 in Private Subnets to get access to Internet...), I am wondering the need of the Internet GW? For me the IGW would be useful if we need internet access for EC2 in public Sub... but in this case there is no EC2 in pub sub

    • @listentolearn2363 1 year ago

      Good question!
      NAT gw is still dependent on the IGW for internet access (reference: aws.amazon.com/premiumsupport/knowledge-center/nat-gateway-vpc-private-subnet/)
      AWS has removed IGW dependency on NAT only for private communications (reference: aws.amazon.com/about-aws/whats-new/2021/06/aws-removes-nat-gateways-dependence-on-internet-gateway-for-private-communications/)
      More about NAT gw here, if you are interested (th-cam.com/video/NLgiUuGEHlY/w-d-xo.html).

  • @christopherh2579 3 years ago +1

    👋 Covered topic nicely

  • @TomKatsiroubas 2 years ago

    Excellent work.

  • @Mersal-tq9lm 2 years ago

    Excellent video 👍

  • @David-jf4ee 1 year ago

    You enabled load balancer in public subnet and registered target group in private subnets. Can you please explain this part

    • @David-jf4ee 1 year ago

      Please correct me if I am wrong.... Ignore my above comment. So basically where we have enabled our load balancer in an AZ, our target group instances should also remain in that particular AZ. Is it a correct understanding?

    • @listentolearn2363 1 year ago +1

      yes, that's correct!

  • @pranav2019 2 years ago

    Why did you not use NACL here?
    Videos are good

    • @listentolearn2363 2 years ago

      thanks! sure, can use nacl. it is an additional layer of network security. It's there by default and it allows all traffic by default. We can adjust that as per our needs. However, here I am just sticking to security groups.

  • @vsr1727 3 years ago

    Simple n good 👌👍

  • @ivannadanielacevallos2371 1 year ago

    I am trying to access with putty to the instance to modify the HTML but it is not working, can you please help me I am working in the same IP address I specify in the Security Group.

    • @listentolearn2363 1 year ago

      Hi Ivanna,
      Since the instances are in private subnet, you have to use a bastion host to ssh into the instance. Please refer to th-cam.com/video/jndBMIJ9gOI/w-d-xo.html to know how to set up a bastion host.
      Thanks.

  • @truthofthedecade 2 years ago

    Do you teach private online classes??

  • @DeiseZen 3 years ago +1

    Thank you ;)

  • @NguyenTung-bz3yr 2 years ago

    Thank you so much!

  • @jashwaaradhya2989 2 years ago

    Hi, I am running a simple php server on the ec2, no matter what I do, the load balancer health check always says unhealthy. I have the same setup as yours, but I am just running an index.php using apache2. Please help

    • @listentolearn2363 2 years ago

      Could you please check the below settings -
      1. The security group associated with the servers allows port 80 access from LB security group
      2. The security group associated with the LB allows port 80 access from 0.0.0.0
      3. The NAT gateway and Internet gateways are attached to the private and public subnets respectively
      4. The health checks are configured correctly with appropriate settings as shown

  • @koulassrinitha 11 months ago +1

    how to connect nat to private network

    • @listentolearn2363 11 months ago

      Please refer to th-cam.com/video/NLgiUuGEHlY/w-d-xo.html. This explains about NAT gateways and how to create one.

  • @cajetanrahul5747 1 year ago +1

    haha that enough talking was cute

  • @adinarayanareddy416 2 years ago

    I have configured it the same way, but it didn't work out. Servers are being unhealthy if we give public subnet while creating Load Balancer.

    • @listentolearn2363 2 years ago

      Could you please check the below settings -
      1. The security group associated with the servers allows port 80 access from LB security group
      2. The security group associated with the LB allows port 80 access from 0.0.0.0
      3. The NAT gateway and Internet gateways are attached to the private and public subnets respectively
      4. The health checks are configured correctly with appropriate settings as shown

    • @pranav2019 2 years ago

      Yes, facing the same issue
      And can you make a video on how to troubleshoot the load balancer

    • @pranav2019 2 years ago

      In health checks we have not defined the path, that may be the issue?

    • @AndyCutright 2 years ago

      @pranav2019 Did y'all figure out the problem?

    • @pranav2019 2 years ago +1

      @AndyCutright here in this video path is not defined
      I also don't know exactly, but I raised the question