Questions tagged with Elastic Load Balancing
AWS should not take capital letters in DNS URL
Why is the AWS ELB field designed to allow capital letters? The global truth is that DNS in the browser is always parsed as lowercase letters. When using them as PUBLIC IP in applications, we must parse it as lowercase as well, although the AWS Load Balancer field allows capital letters. Then why allow capital letters at all? Should this not be an improvement on the AWS side?
CloudFront - Internal ELB Origin
Hi all, according to the documentation, to be able to use an ELB as an Origin for a CloudFront Distribution it should be internet-facing. The question is why CloudFront also shows Internal Load Balancers in the list of possible Origin Domains that can be selected during the creation of a new Origin. Is there a way to use CloudFront with private resources?
Elastic Beanstalk application deployment took longer than expected.
I'm deploying an ECS-based application via Elastic Beanstalk, and it has been executing for a long time.

```
Environment health has transitioned from Pending to Severe. The command is executing on all instances (15 minutes or more elapsed).
```

This might be an issue with the permissions attached via the service role. How can I resolve this issue?
Problem with application load balancer that I cannot solve
We have an application load balancer with one instance but scales to 8. My problem is this. I have three mobile applications that log into the instances with POST and JSON, and one of the applications can no longer log in. It logs into the test server that is not on the load balancer, but on the production server, it gives 502 bad gateway, sporadically at first but now all the time. The server is not returning bad data because it works sometimes; it seems to be a problem with the load balancer not forwarding requests to the appropriate URL. Can somebody give me a clue where to start dissecting this? I have looked at the code, I have looked at the application, and I have looked at the server, and the problem seems to lie with the load balancer just not cooperating for no reason given. Like I said, the other two applications work fine and they all share similar code. I just found out about it from Apple about the problem with the login, and this 502 bad gateway error will not go away. Any help with 502 gateway errors would be appreciated. I have increased the timeout on the server, and I have tried rebuilding the load balancer, which worked yesterday for about four hours then quit. I am just at a loss. Thanks in advance.
CSRF attack through ALB cookies because of samesite=none
I have a web application with Tomcat, and I configured the jsessionid cookie for samesite=lax, and it prevents CSRF attacks. When I put the application behind an ALB with OIDC authenticator, I encounter the following issue:

* ALB cookies explicitly set samesite=none.
* The CSRF attack is a form POST submit from an external page. It sends the ALB cookies together with the request, but doesn't send my jsessionid cookie (as expected).
* The ALB lets the request pass into my application. The application sees this is a new session with an authenticated user and treats it as a legitimate request (typically it is the first request of the user after login and redirect from the IDP). It loads the user details and then proceeds with the request.

Thus, the CSRF attack succeeds. How can I solve this? Is there a way to change the cookies in the ALB to use samesite=lax?
[AWS BUG?] NLB stops working during blue/green deployment with code-deploy.
I have a Fargate + ECS service, with an NLB with a TCP listener on port 443 and a TCP test listener on port 9443. We use NLB with TCP to do TLS termination on the hosts (containers). I also have a second Target Group for blue/green deployments. All target types are set up as IPv4, and the service is working as expected outside deployments. I've run the following experiments:

1. When I run my integration tests outside of a deployment (both listeners are pointing to the same target group), all tests pass against both listeners (443 and 9443).
2. When I run them in the context of a deployment, in the AfterAllowTraffic hook (both listeners pointing to the replacement target group), all tests pass against both listeners (443 and 9443).
3. When I run the tests in the context of a deployment, in the AfterAllowTestTraffic hook, after I checked that listener 443 points to the blue target group and listener 9443 points to the green target group with a healthy container, neither of them passes; they fail to establish a connection. However, if I run the tests directly against the container instances by targeting their IP, then all tests pass.
4. If I manually replicate the blue/green deployment setup and point the test listener to another target group, so the listener on 443 keeps pointing at one target group and the listener on 9443 points to another target group, then both listeners STOP WORKING!
5. If, in experiment #4, I delete the listener on 9443, so there is only one listener on 443 targeting the blue target group, then it starts working again.

Is this a misconfiguration on my side? It seems likely this is a problem on the AWS NLB side?
How many nodes/requests are created/managed by 1 ELB
I am new to ELB and want to use an Application Load Balancer. The total count of web users is near 1k, so how many ALBs are needed to manage these requests? How many nodes will be created by 1 ELB? How many EC2 instances can be configured for 1 ELB? Is it good to even go with 1 ELB to handle 4 EC2 instances, or go with 1 EC2 instance on which an Apache load balancer is installed to handle these 4 EC2 instances, since it is open source?
AWS Private Hosted Zone and Security Group
**Background:** I have 3 apps on EC2 - App1 supported by an Application Load Balancer (ALB), App2 & App3. App3 needs to communicate **internally** with both the ALB and App2. ALB, App2 & App3 all have a security group (SG) with Inbound Rules that allow connections on Port 80 and 443 with Source as itself, i.e. its own SG ID (so App3 can communicate with App2 and the ALB). App1 has an SG with Inbound Rules that allow connections on Port 80 and 443 with Source as the ALB's SG (so that the ALB can forward requests to App1). I also have a Private Hosted Zone with records that have the private IP for App2 and App3. For the ALB, the value is the DNS name.

**Question:** Now, when I make a request from App3 -> App2, it works. However, App3 -> ALB does not. My observation is that App3 -> App2 is resolved internally because of the private IP in the Private Hosted Zone. However, App3 -> ALB is not resolved internally because of the DNS name of the ALB. Looking for any ideas/pointers/suggestions. Thanks.

**Workaround that works:** If I remove the ALB, change App1's SG to the same as App2 & App3, and change the Private Hosted Zone record from the ALB DNS name to App1's private IP, App3 -> App1 also works. However, I cannot get it working with the load balancer.
Web app working in an EC2 instance but not in another
I have built a Python web app that accepts requests through GatewayAPI and sieves them via Lambda functions and SQS. The app also uses Redis and is deployed using an EC2 instance connected to Lambda functions via Load Balancers and Target Groups. Currently, the app is working perfectly as expected. However, when I deploy the same app into a different EC2 instance with the same specs and connect them to the same Lambda functions via different instances Load Balancer and Target Group, it fails to work properly despite having received the correct requests. The two EC2 instances use the same Redis server although with a different key. I have debugged every line of my code and still can't seem to find what or where the bug is. I am almost sure that I am doing something wrong on the AWS end. Could anyone help with where things might have gone wrong?
Creating ALB: Why do we need to select multiple subnets when creating an ALB? We are going to map the ALB to a Target group anyway.
Why do we need to select multiple subnets when creating an ALB? We are going to map the ALB to a Target group anyway. The target group will have EC2 instances from different subnets, so why this additional step of selecting subnets when creating the ALB?