How to set up the NLB -> ALB architecture properly to have a Beanstalk application accessible from the internet?

0

Hello,

I have this script, which creates a PHP Beanstalk app with an application load balancer. I need to have this app accessible from the internet. So this script creates another Network Load Balancer with an Elastic IP pointing traffic to the ALB. But when I enter the Elastic IP into my browser, I get a timeout. How to debug it? How to do the NLB->ALB architecture properly for HTTP traffic? Many thanks.

```bash
# Initialize Elastic Beanstalk application
eb init "$APP_NAME" -r "$REGION" -p "$PLATFORM"

# Create the Elastic Beanstalk environment with the Network Load Balancer (already created)
if ! eb create "$ENV_NAME" \
  --elb-type application \
  --instance-types t3.micro \
  --platform "$PLATFORM" \
  --region "$REGION"; then
  echo "Failed to create Elastic Beanstalk environment."
  exit 1
fi

# Extract VPC ID
VPC_ID=$(aws ec2 describe-vpcs --region "$REGION" --query 'Vpcs[0].VpcId' --output text)

# Extract SUBNETS
SUBNETS=$(aws ec2 describe-subnets --filters "Name=vpc-id,Values=$VPC_ID" --query 'Subnets[0].SubnetId' --output text)

# Create an Elastic IP for the NLB
EIP_ALLOC_ID=$(aws ec2 allocate-address --region "$REGION" --query 'AllocationId' --output text)

# Create Network Load Balancer
LB_ARN=$(aws elbv2 create-load-balancer \
  --name $LB_NAME \
  --type network \
  --scheme internet-facing \
  --query 'LoadBalancers[0].LoadBalancerArn' \
  --output text \
  --region $REGION \
  --subnet-mappings SubnetId=$SUBNETS,AllocationId=$EIP_ALLOC_ID)

# Create Target Group
TARGET_GROUP_ARN=$(aws elbv2 create-target-group \
  --name $TARGET_GROUP_NAME \
  --protocol TCP \
  --port 80 \
  --vpc-id $VPC_ID \
  --target-type instance \
  --query 'TargetGroups[0].TargetGroupArn' \
  --output text \
  --region $REGION)

# Step 4: Create Listener
aws elbv2 create-listener \
  --load-balancer-arn $LB_ARN \
  --protocol TCP \
  --port 80 \
  --default-actions Type=forward,TargetGroupArn=$TARGET_GROUP_ARN \
  --region $REGION

# Register Elastic Beanstalk instances to the Target Group
INSTANCE_IDS=$(aws elasticbeanstalk describe-environment-resources \
  --environment-name "$ENV_NAME" \
  --query 'EnvironmentResources.Instances[*].Id' \
  --output text \
  --region "$REGION")

aws elbv2 register-targets \
  --target-group-arn "$TARGET_GROUP_ARN" \
  --targets Id="$INSTANCE_IDS" \
  --region "$REGION"
```

asked a year ago, 245 views
1 Answer
0

To properly set up the NLB (Network Load Balancer) to ALB (Application Load Balancer) architecture for your Elastic Beanstalk application and ensure it is accessible from the internet, follow these steps for debugging and configuration:

Steps to Debug and Configure NLB -> ALB Architecture

  1. Security Groups:

    • Ensure that the security group associated with your NLB allows inbound traffic on the required ports (e.g., TCP port 80 for HTTP).
    • Verify that the security group for your Elastic Beanstalk instances allows traffic from the NLB’s security group.
  2. Subnet Configuration:

    • Confirm that the subnets where the NLB and ALB are deployed are public subnets, meaning they have a route to an internet gateway.
  3. Health Checks:

    • Make sure the health checks on the NLB target group are correctly configured. The health check protocol should match what your application responds to (e.g., HTTP or TCP).
    • Test the health of your instances by accessing the ALB directly to ensure they are healthy.
  4. Listener Configuration:

    • Ensure that the listener on the NLB is set up to forward traffic correctly to the ALB. Since ALB uses HTTP/HTTPS, ensure the listener is set to forward traffic to the ALB on the appropriate port.
  5. Check the ALB Target Group:

    • Verify that your Elastic Beanstalk instances are registered correctly with the ALB target group and that they are healthy. You can check this in the AWS console under the EC2 section.
  6. Elastic IP:

    • When you enter the Elastic IP in your browser and receive a timeout, it could be due to the NLB not properly routing the traffic. Check the target group and listener configuration.

Additional Steps:

  1. Test Direct ALB Access:

    • Before using the NLB, test accessing your application directly through the ALB to confirm it is working correctly.
  2. Logs and Monitoring:

    • Enable logging for both the NLB and ALB to gather more insights on traffic and potential issues.
    • Use CloudWatch metrics to monitor the health and performance of both load balancers.

Can you also post the output of curl or telnet to the NLB IP?

AWS
answered a year ago
EXPERT
reviewed a year ago
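
The NLB -> ALB wiring the question asks about, as an added example that is not part of the original post or the answer: the script in the question registers the Beanstalk instances in an `instance`-type target group, whereas an NLB can forward to the ALB itself through a target group of type `alb`. The function names, the `/` health check path and the reading of the ALB's ARN from `LoadBalancers[0].Name` are assumptions of this example.

```shell
# Added example, not the original poster's script. Wires an existing NLB to the
# ALB of an Elastic Beanstalk environment through a target group of type "alb".

# True only for an Application Load Balancer ARN (".../loadbalancer/app/...").
is_alb_arn() {
  case "$1" in
    arn:aws*:elasticloadbalancing:*:*:loadbalancer/app/*) return 0 ;;
    *) return 1 ;;
  esac
}

# Assumption: Beanstalk reports the ALB's ARN in LoadBalancers[0].Name.
# is_alb_arn below rejects the value if that does not hold.
beanstalk_alb_arn() {   # args: environment-name region
  aws elasticbeanstalk describe-environment-resources \
    --environment-name "$1" --region "$2" \
    --query 'EnvironmentResources.LoadBalancers[0].Name' --output text
}

# args: nlb-arn alb-arn vpc-id target-group-name region [port]
# Prints the ARN of the new target group.
forward_nlb_to_alb() {
  local nlb_arn="$1" alb_arn="$2" vpc_id="$3" tg_name="$4" region="$5"
  local port="${6:-80}" tg_arn
  is_alb_arn "$alb_arn" || { echo "not an ALB ARN: $alb_arn" >&2; return 2; }

  # The target is the ALB itself; its listener port must equal the target group port.
  tg_arn=$(aws elbv2 create-target-group \
    --name "$tg_name" --target-type alb \
    --protocol TCP --port "$port" --vpc-id "$vpc_id" \
    --health-check-protocol HTTP --health-check-path / \
    --query 'TargetGroups[0].TargetGroupArn' --output text \
    --region "$region") || return 1

  aws elbv2 register-targets --target-group-arn "$tg_arn" \
    --targets "Id=$alb_arn" --region "$region" >/dev/null || return 1

  aws elbv2 create-listener --load-balancer-arn "$nlb_arn" \
    --protocol TCP --port "$port" \
    --default-actions "Type=forward,TargetGroupArn=$tg_arn" \
    --region "$region" >/dev/null || return 1

  echo "$tg_arn"
}

# Usage, with the variables from the question's script:
#   ALB_ARN=$(beanstalk_alb_arn "$ENV_NAME" "$REGION")
#   forward_nlb_to_alb "$LB_ARN" "$ALB_ARN" "$VPC_ID" "$TARGET_GROUP_NAME" "$REGION"
```

These calls take the place of the target group, listener and instance registration steps in the question's script; the NLB and its Elastic IP are created as before.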
