How to configure ELB to allow outbound API calls from third-party SDKs
I have an Elastic Beanstalk application in a custom VPC running a .NET Linux instance that has an endpoint that uses a third-party SDK. The SDK needs to make a separate API call when the endpoint is hit. As an experiment, when I put the instance in a public subnet, this works. However, once I configure a Classic Load Balancer in front of the instance, I get a 504 "GATEWAY_TIMEOUT" on this endpoint. Note that all my other endpoints still work behind the Classic Load Balancer. As another experiment, I opened up all the related security groups to allow all inbound/outbound traffic from all IPs, but it still did not work. What could I be missing here?
Launch Announcement - New ALB enhancements provide options to specify how to process Host header and X-Forwarded-For header
We are happy to announce that we just launched two enhancements to define how the Application Load Balancer (ALB) will process *Host* header and *X-Forwarded-For* header. These options provide additional flexibility in handling HTTP/HTTPS requests and allow customers to migrate their workloads to ALB.

*Background:* AWS customers had asked for flexibility in specifying how ALB would handle Host and X-Forwarded-For headers in HTTP/HTTPS Requests. The enhancements are as follows:

*Host Header Enhancement:*
* Currently, ALB modifies Host header in the incoming HTTP/HTTPS Request, and appends listener port before sending it to targets. For example, the Host: www.amazon.com header in the HTTP Request is modified to Host: www.amazon.com:8443 before ALB sends it to targets. This will remain the default behavior for backward compatibility.
* With this enhancement, when enabled using a new attribute, ALB will send the Host header without any modification to the target. For example, the Host: www.amazon.com header in the HTTP Request will not be modified and sent to target as is.

*X-Forwarded-For Header Enhancement:*
* Currently, ALB appends IP address of the previous hop to the X-Forwarded-For header before forwarding it to targets. This will remain the default behavior for backward compatibility.
* With this enhancement, customers can now specify whether the ALB should preserve or delete the X-Forwarded-For header before sending it to the targets.

*Launch Details:*
* Both enhancements do not change the default behavior and existing ALBs are not affected.
* The enhancements are available using API and AWS Console.
* The enhancements are available in all commercial, GovCloud, and China regions. These will be deployed in ADC regions at a later date based on demand.

*Launch Materials:*
* Documentation for Host header enhancement - https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html#host-header-preservation
* Documentation for X-Forwarded-For header enhancement - https://docs.aws.amazon.com/elasticloadbalancing/latest/application/x-forwarded-headers.html#x-forwarded-for

Please give these enhancements a try. Thank you.
ECS microservices scaling with ALB target group limitation
Hello, As stated in the [alb docs](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-limits.html) the "Target Groups per Application Load Balancer" is set to 100 hard limit. I have a customer who is using `ALB` with `ECS` to implement their microservices and are up to 75 `target groups` and will at some point hit the 100 `target group limit`. Just wondering what, or if there is, a recommended way to overcome this limit? Best I can come up with is to have a small chain of `ALBs`. So have an `entry ALB` that will route traffic based on some rules to, say, 3 other `ALBs` downstream that in turn point to the `target groups` that have the `ECS` services, but I am not convinced this is the best solution. If there are alternative solutions then please let me know. Thanks, alexis
Change Elastic Beanstalk ALB from internal to public internet-facing?
Hi, I have an EB stack which initially deploys to UAT internally and so has an internal load balancer (YAML: "LoadBalancerScheme: internal"). For production deployment, we simply change stage variables called by the YAML, so it updates the EB with production values. This works fine with classic ELB. But with ALB (ELBv2), it fails with:

> The following target groups cannot be associated with more than one load balancer

Is it not possible to change an existing EB environment from internal to public load balancer of the same type? If not, any good workarounds without deploying a completely separate environment (which is what I've been doing)? Thanks
Invalid SSL Certificate
Hi, my domain is registered in GoDaddy and my hosting server is AWS. To get SSL certified I have set up my DNS server in Cloudflare, but it's not working. Somehow I got to know that my hostname (mydomain.com) does not match the common name (example.com), so that's why the certificate is invalid for this host. Now, can anyone guide me on how I can change this common name?
Custom endpoint not redirecting to domain endpoint in opensearch
I have created a custom endpoint along with DNS hostname and certificate. The old default domain is working (when I ping) but not the custom endpoint. I tried creating a CNAME but it says `[RRSet of type CNAME with DNS name vipanchi.aos-cluster-hc.pdx.alpha.entity-extractor.ember.aws.dev. is not permitted at apex in zone vipanchi.aos-cluster-hc.pdx.alpha.entity-extractor.ember.aws.dev.]` There is no load balancer being used for my OpenSearch. Is there any other way I can redirect the traffic to the custom endpoint? For an A record, I can only see that we require a load balancer.
Weird loadbalancing behavior from Classic ELB
We have 4x EC2 instances with httpd web server scattered across B and D zones. At random times of the day, one of the instances in Zone B would get none of the traffic and have its traffic rerouted to the other EC2 instance in that zone. The **user-traffic** would be like this:

1. Zone B, Instance 1 - 50%
2. Zone B, Instance 2 - 0%
3. Zone D, Instance 3 - 25%
4. Zone D, Instance 4 - 25%

I mentioned user-traffic above because the traffic from health checks during this period is equal across all machines and all of them are fine. After 5 minutes it would return back to normal. Any help would be appreciated.
ALB: What will happen if I have too many connections that have to wait for idle timeout elapsed to close?
1. I think that if I set the idle timeout of the ALB to be higher, it means that the time of 1 connection, if there is nothing sent or received, will be longer. And the next connections will have to wait for the previous connections to be closed before they can reach the target. And in this case, there will be impacts on query performance.
2. Because ALB is used as a load balancer, and since the required LCU is automatically assigned in terms of the number of connections, etc., ALB itself may change the billing amount, but it is extremely unlikely that performance will deteriorate.

=> Question:

1. Of the above 2, which statement is right?
2. And in the case that I have too many connections that have to wait for the idle timeout to elapse before closing, are there any impacts on the performance of the webserver?

Sorry to trouble you, and thank you!
EC2 instances unhealthy when created via ASG using cdk.
I am creating an ASG which will have a classical load balancer. The desired number of instances is 5. I am starting the ASG creation using a userdata, but even after experimenting multiple times the load balancer shows unhealthy hosts. I changed the subnet type of the VPC to public, but the number of healthy hosts for the ELB remains 0. Below is the code segment:

```
Vpc vpc = new Vpc(this, "MyVPC");

// Auto Scaling group placed in the VPC's public subnets
AutoScalingGroup asg = AutoScalingGroup.Builder.create(this, "AutoScalingGroup")
        .vpcSubnets(SubnetSelection.builder()
                .subnetType(SubnetType.PUBLIC)
                .build())
        .vpc(vpc)
        .instanceType(InstanceType.of(InstanceClass.BURSTABLE2, InstanceSize.MICRO))
        .machineImage(new AmazonLinuxImage())
        .minCapacity(1)
        .desiredCapacity(5)
        .maxCapacity(10)
        .build();

// User data: install and start httpd, then write a test page
asg.addUserData("#!/bin/bash\n"
        + "# Use this for your user data (script from top to bottom)\n"
        + "# install httpd (Linux 2 version)\n"
        + "yum update -y\n"
        + "yum install -y httpd\n"
        + "systemctl start httpd\n"
        + "systemctl enable httpd\n"
        + "echo \"<h1>Hello World from $(hostname -f)</h1>\" > /var/www/html/index.html");

// Internet-facing Classic Load Balancer with a health check on port 80
LoadBalancer loadbalancer = LoadBalancer.Builder.create(this, "ElasticLoadBalancer")
        .vpc(vpc)
        .internetFacing(Boolean.TRUE)
        .healthCheck(software.amazon.awscdk.services.elasticloadbalancing.HealthCheck.builder()
                .port(80)
                .build())
        .build();
loadbalancer.addTarget(asg);
ListenerPort listenerPort = loadbalancer.addListener(LoadBalancerListener.builder()
        .externalPort(80)
        .build());
```

Also, the instances that are created by default via the ASG cannot be accessed on the web (by hitting their public IP). Even after changing the security groups or putting them all in a public subnet, they are not accessible from Instance Connect, nor does the load balancer show these hosts as healthy.